Hello Joe, I believe newer versions of Tomcat (8.5, 9.0) require slightly more strict CORS configuration than older versions.
I have had some success with the following general configuration (on Tomcat 8.5): <filter> <filter-name>CorsFilter</filter-name> <filter-class>org.apache.catalina.filters.CorsFilter</filter-class><init-param> <param-name>cors.allowed.origins</param-name> <param-value>*</param-value> </init-param> <init-param> <param-name>cors.allowed.methods</param-name> <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value> </init-param> <init-param> <param-name>cors.exposed.headers</param-name> <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Methods</param-value> </init-param></filter><filter-mapping> <filter-name>CorsFilter</filter-name> <url-pattern>/*</url-pattern></filter-mapping> This is a simple configuration that pretty much allows everything. If you are just running GeoServer locally, this is fine, but it should not be used for any sort of production system - in that case, you should adjust origins and methods as appropriate. (One other note: If you are testing on Chrome, the web console, under Developer Tools, should report whether a request was blocked because of CORS. If it doesn't, there is likely some other reason for the 403 response) Cheers, Torben On Mon, Sep 10, 2018 at 10:48 AM Andrea Aime <andrea.a...@geo-solutions.it> wrote: > Hi Joe, > question, do you have service security set up, so that GeoServer would > outright deny > a request unless the user making the request is authorized to? > E.g., something like denying any WFS request if the user does not have a > particular role? > > Cheers > Andrea > > On Mon, Sep 10, 2018 at 7:13 PM Joe Murphy <joseph.b.murp...@gmail.com> > wrote: > >> I'm not super up to speed on how you are using CORS. But i have it >> working fine in my build. Please let me know how I can help.. >> >> Geoserver 2.13.2.war, Tomcat 9.0.7, Debian Docker Container. >> >> Maybe just looking at my web.xml file would help? >> >> >> Joe >> >> >> On Mon, Sep 10, 2018, 10:05 AM Andrea Aime <andrea.a...@geo-solutions.it> >> wrote: >> >>> Hi, >>> for the longest time CORS has been "not our problem", it's normally >>> managed in the web container (e.g., Tomcat, Jetty) or in >>> the eventual application fronting GeoServer (e.g., Apache, NGINX). >>> Maybe things have changed with the latest versions of Spring, if I >>> search for preflight test I find all sorts of configurations to be >>> made in Spring in order to allow them (none of them immediately >>> compatible with how GeoServer works though). >>> It could be that CORS needs to be managed directly in GeoServer when >>> authentication is involved... but to be honest, I don't know, >>> I'm not a javascript developer and have no clue if the preflight tests >>> can be properly supported by just configuring the container, >>> or if they actually need some code change in GeoServer. >>> >>> I understand it's not very helpful, but it's all I have for the "5 >>> minutes user help" I can provide on this list. >>> >>> Cheers >>> Andrea >>> >>> On Tue, Sep 4, 2018 at 10:14 PM Steric, Nenad <nenad.ste...@zuehlke.com> >>> wrote: >>> >>>> Hello, >>>> >>>> >>>> >>>> i had a working geoserver installation last year where CORS was enabled, >>>> >>>> but for some reason now I cannot reproduce this. >>>> >>>> >>>> >>>> I have posted all the details to >>>> >>>> >>>> https://gis.stackexchange.com/questions/294744/geoserver-wms-cors-enabled-in-web-xml-still-error >>>> >>>> but I can repost them here if you need this. >>>> >>>> >>>> >>>> From the error message (or lack of) it seems that >>>> >>>> CORS should be active >>>> >>>> But the pre-flight OPTIONS-request yields a Forbidden response. >>>> >>>> >>>> >>>> This is strange as this exact code I am using was working last year. >>>> >>>> Did the checks of the browser (Chrome,FF, I think I also tested IE ) >>>> change ? >>>> >>>> >>>> >>>> Do you have any other idea what I could check or change ? >>>> >>>> >>>> >>>> Thanks, >>>> >>>> Nenad >>>> >>>> >>>> >>>> P.S. Aktuelle Veranstaltungen: zuehlke.com/events >>>> Zühlke Blog: blog.zuehlke.com >>>> <https://www.zuehlke.com/blog/#utm_source=email&utm_medium=signature> >>>> >>>> *Nenad Steric* >>>> Expert Software Engineer >>>> >>>> Zühlke Engineering (Austria) GmbH >>>> Rivergate, Handelskai 92, 1200 Wien, Österreich >>>> Phone +43 1 205 11 6855 >>>> nenad.ste...@zuehlke.com >>>> >>>> >>>> This e-mail is for the addressees only. The information it contains is >>>> confidential >>>> and may be legally privileged. If you are not an addressee you must not >>>> distribute, >>>> copy, disclose, use or rely on this e-mail or its contents and you must >>>> immediately >>>> notify the sender you are in receipt of this e-mail and delete all >>>> copies from your >>>> system. Any unauthorised use may be unlawful. >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Check out the vibrant tech community on one of the world's most >>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>>> _______________________________________________ >>>> Geoserver-users mailing list >>>> >>>> Please make sure you read the following two resources before posting to >>>> this list: >>>> - Earning your support instead of buying it, but Ian Turton: >>>> http://www.ianturton.com/talks/foss4g.html#/ >>>> - The GeoServer user list posting guidelines: >>>> http://geoserver.org/comm/userlist-guidelines.html >>>> >>>> If you want to request a feature or an improvement, also see this: >>>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer >>>> >>>> >>>> Geoserver-users@lists.sourceforge.net >>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users >>>> >>> >>> >>> -- >>> >>> Regards, Andrea Aime == GeoServer Professional Services from the >>> experts! Visit http://goo.gl/it488V for more information. == Ing. >>> Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito >>> 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: >>> +39 339 8844549 http://www.geo-solutions.it >>> http://twitter.com/geosolutions_it >>> ------------------------------------------------------- *Con >>> riferimento alla normativa sul trattamento dei dati personali (Reg. UE >>> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si >>> precisa che ogni circostanza inerente alla presente email (il suo >>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è >>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il >>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra >>> operazione è illecita. Le sarei comunque grato se potesse darmene notizia. >>> This email is intended only for the person or entity to which it is >>> addressed and may contain information that is privileged, confidential or >>> otherwise protected from disclosure. We remind that - as provided by >>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of this >>> e-mail or the information herein by anyone other than the intended >>> recipient is prohibited. If you have received this email by mistake, please >>> notify us immediately by telephone or e-mail.* >>> _______________________________________________ >>> Geoserver-users mailing list >>> >>> Please make sure you read the following two resources before posting to >>> this list: >>> - Earning your support instead of buying it, but Ian Turton: >>> http://www.ianturton.com/talks/foss4g.html#/ >>> - The GeoServer user list posting guidelines: >>> http://geoserver.org/comm/userlist-guidelines.html >>> >>> If you want to request a feature or an improvement, also see this: >>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer >>> >>> >>> Geoserver-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/geoserver-users >>> >> > > -- > > Regards, Andrea Aime == GeoServer Professional Services from the experts! > Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime > @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054 > Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339 > 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it > ------------------------------------------------------- *Con riferimento > alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 - > Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni > circostanza inerente alla presente email (il suo contenuto, gli eventuali > allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i > destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per > errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le > sarei comunque grato se potesse darmene notizia. This email is intended > only for the person or entity to which it is addressed and may contain > information that is privileged, confidential or otherwise protected from > disclosure. We remind that - as provided by European Regulation 2016/679 > “GDPR” - copying, dissemination or use of this e-mail or the information > herein by anyone other than the intended recipient is prohibited. If you > have received this email by mistake, please notify us immediately by > telephone or e-mail.* > _______________________________________________ > Geoserver-users mailing list > > Please make sure you read the following two resources before posting to > this list: > - Earning your support instead of buying it, but Ian Turton: > http://www.ianturton.com/talks/foss4g.html#/ > - The GeoServer user list posting guidelines: > http://geoserver.org/comm/userlist-guidelines.html > > If you want to request a feature or an improvement, also see this: > https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer > > > Geoserver-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/geoserver-users >
_______________________________________________ Geoserver-users mailing list Please make sure you read the following two resources before posting to this list: - Earning your support instead of buying it, but Ian Turton: http://www.ianturton.com/talks/foss4g.html#/ - The GeoServer user list posting guidelines: http://geoserver.org/comm/userlist-guidelines.html If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users