Hello Joe,
I believe newer versions of Tomcat (8.5, 9.0) require slightly more strict
CORS configuration than older versions.
I have had some success with the following general configuration (on Tomcat
8.5):
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class><init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Methods</param-value>
</init-param></filter><filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern></filter-mapping>
This is a simple configuration that pretty much allows everything. If you
are just running GeoServer locally, this is fine, but it should not be used
for any sort of production system - in that case, you should adjust origins
and methods as appropriate.
(One other note: If you are testing on Chrome, the web console, under
Developer Tools, should report whether a request was blocked because of
CORS. If it doesn't, there is likely some other reason for the 403 response)
Cheers,
Torben
On Mon, Sep 10, 2018 at 10:48 AM Andrea Aime <andrea.a...@geo-solutions.it>
wrote:
> Hi Joe,
> question, do you have service security set up, so that GeoServer would
> outright deny
> a request unless the user making the request is authorized to?
> E.g., something like denying any WFS request if the user does not have a
> particular role?
>
> Cheers
> Andrea
>
> On Mon, Sep 10, 2018 at 7:13 PM Joe Murphy <joseph.b.murp...@gmail.com>
> wrote:
>
>> I'm not super up to speed on how you are using CORS. But i have it
>> working fine in my build. Please let me know how I can help..
>>
>> Geoserver 2.13.2.war, Tomcat 9.0.7, Debian Docker Container.
>>
>> Maybe just looking at my web.xml file would help?
>>
>>
>> Joe
>>
>>
>> On Mon, Sep 10, 2018, 10:05 AM Andrea Aime <andrea.a...@geo-solutions.it>
>> wrote:
>>
>>> Hi,
>>> for the longest time CORS has been "not our problem", it's normally
>>> managed in the web container (e.g., Tomcat, Jetty) or in
>>> the eventual application fronting GeoServer (e.g., Apache, NGINX).
>>> Maybe things have changed with the latest versions of Spring, if I
>>> search for preflight test I find all sorts of configurations to be
>>> made in Spring in order to allow them (none of them immediately
>>> compatible with how GeoServer works though).
>>> It could be that CORS needs to be managed directly in GeoServer when
>>> authentication is involved... but to be honest, I don't know,
>>> I'm not a javascript developer and have no clue if the preflight tests
>>> can be properly supported by just configuring the container,
>>> or if they actually need some code change in GeoServer.
>>>
>>> I understand it's not very helpful, but it's all I have for the "5
>>> minutes user help" I can provide on this list.
>>>
>>> Cheers
>>> Andrea
>>>
>>> On Tue, Sep 4, 2018 at 10:14 PM Steric, Nenad <nenad.ste...@zuehlke.com>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>>
>>>>
>>>> i had a working geoserver installation last year where CORS was enabled,
>>>>
>>>> but for some reason now I cannot reproduce this.
>>>>
>>>>
>>>>
>>>> I have posted all the details to
>>>>
>>>>
>>>> https://gis.stackexchange.com/questions/294744/geoserver-wms-cors-enabled-in-web-xml-still-error
>>>>
>>>> but I can repost them here if you need this.
>>>>
>>>>
>>>>
>>>> From the error message (or lack of) it seems that
>>>>
>>>> CORS should be active
>>>>
>>>> But the pre-flight OPTIONS-request yields a Forbidden response.
>>>>
>>>>
>>>>
>>>> This is strange as this exact code I am using was working last year.
>>>>
>>>> Did the checks of the browser (Chrome,FF, I think I also tested IE )
>>>> change ?
>>>>
>>>>
>>>>
>>>> Do you have any other idea what I could check or change ?
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Nenad
>>>>
>>>>
>>>>
>>>> P.S. Aktuelle Veranstaltungen: zuehlke.com/events
>>>> Zühlke Blog: blog.zuehlke.com
>>>> <https://www.zuehlke.com/blog/#utm_source=email&utm_medium=signature>
>>>>
>>>> *Nenad Steric*
>>>> Expert Software Engineer
>>>>
>>>> Zühlke Engineering (Austria) GmbH
>>>> Rivergate, Handelskai 92, 1200 Wien, Österreich
>>>> Phone +43 1 205 11 6855
>>>> nenad.ste...@zuehlke.com
>>>>
>>>>
>>>> This e-mail is for the addressees only. The information it contains is
>>>> confidential
>>>> and may be legally privileged. If you are not an addressee you must not
>>>> distribute,
>>>> copy, disclose, use or rely on this e-mail or its contents and you must
>>>> immediately
>>>> notify the sender you are in receipt of this e-mail and delete all
>>>> copies from your
>>>> system. Any unauthorised use may be unlawful.
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>> _______________________________________________
>>>> Geoserver-users mailing list
>>>>
>>>> Please make sure you read the following two resources before posting to
>>>> this list:
>>>> - Earning your support instead of buying it, but Ian Turton:
>>>> http://www.ianturton.com/talks/foss4g.html#/
>>>> - The GeoServer user list posting guidelines:
>>>> http://geoserver.org/comm/userlist-guidelines.html
>>>>
>>>> If you want to request a feature or an improvement, also see this:
>>>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>>>>
>>>>
>>>> Geoserver-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>>>
>>>
>>>
>>> --
>>>
>>> Regards, Andrea Aime == GeoServer Professional Services from the
>>> experts! Visit http://goo.gl/it488V for more information. == Ing.
>>> Andrea Aime @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito
>>> 3/A 55054 Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob:
>>> +39 339 8844549 http://www.geo-solutions.it
>>> http://twitter.com/geosolutions_it
>>> ------------------------------------------------------- *Con
>>> riferimento alla normativa sul trattamento dei dati personali (Reg. UE
>>> 2016/679 - Regolamento generale sulla protezione dei dati “GDPR”), si
>>> precisa che ogni circostanza inerente alla presente email (il suo
>>> contenuto, gli eventuali allegati, etc.) è un dato la cui conoscenza è
>>> riservata al/i solo/i destinatario/i indicati dallo scrivente. Se il
>>> messaggio Le è giunto per errore, è tenuta/o a cancellarlo, ogni altra
>>> operazione è illecita. Le sarei comunque grato se potesse darmene notizia.
>>> This email is intended only for the person or entity to which it is
>>> addressed and may contain information that is privileged, confidential or
>>> otherwise protected from disclosure. We remind that - as provided by
>>> European Regulation 2016/679 “GDPR” - copying, dissemination or use of this
>>> e-mail or the information herein by anyone other than the intended
>>> recipient is prohibited. If you have received this email by mistake, please
>>> notify us immediately by telephone or e-mail.*
>>> _______________________________________________
>>> Geoserver-users mailing list
>>>
>>> Please make sure you read the following two resources before posting to
>>> this list:
>>> - Earning your support instead of buying it, but Ian Turton:
>>> http://www.ianturton.com/talks/foss4g.html#/
>>> - The GeoServer user list posting guidelines:
>>> http://geoserver.org/comm/userlist-guidelines.html
>>>
>>> If you want to request a feature or an improvement, also see this:
>>> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>>>
>>>
>>> Geoserver-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>>>
>>
>
> --
>
> Regards, Andrea Aime == GeoServer Professional Services from the experts!
> Visit http://goo.gl/it488V for more information. == Ing. Andrea Aime
> @geowolf Technical Lead GeoSolutions S.A.S. Via di Montramito 3/A 55054
> Massarosa (LU) phone: +39 0584 962313 fax: +39 0584 1660272 mob: +39 339
> 8844549 http://www.geo-solutions.it http://twitter.com/geosolutions_it
> ------------------------------------------------------- *Con riferimento
> alla normativa sul trattamento dei dati personali (Reg. UE 2016/679 -
> Regolamento generale sulla protezione dei dati “GDPR”), si precisa che ogni
> circostanza inerente alla presente email (il suo contenuto, gli eventuali
> allegati, etc.) è un dato la cui conoscenza è riservata al/i solo/i
> destinatario/i indicati dallo scrivente. Se il messaggio Le è giunto per
> errore, è tenuta/o a cancellarlo, ogni altra operazione è illecita. Le
> sarei comunque grato se potesse darmene notizia. This email is intended
> only for the person or entity to which it is addressed and may contain
> information that is privileged, confidential or otherwise protected from
> disclosure. We remind that - as provided by European Regulation 2016/679
> “GDPR” - copying, dissemination or use of this e-mail or the information
> herein by anyone other than the intended recipient is prohibited. If you
> have received this email by mistake, please notify us immediately by
> telephone or e-mail.*
> _______________________________________________
> Geoserver-users mailing list
>
> Please make sure you read the following two resources before posting to
> this list:
> - Earning your support instead of buying it, but Ian Turton:
> http://www.ianturton.com/talks/foss4g.html#/
> - The GeoServer user list posting guidelines:
> http://geoserver.org/comm/userlist-guidelines.html
>
> If you want to request a feature or an improvement, also see this:
> https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
>
>
> Geoserver-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/geoserver-users
>
_______________________________________________
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this
list:
- Earning your support instead of buying it, but Ian Turton:
http://www.ianturton.com/talks/foss4g.html#/
- The GeoServer user list posting guidelines:
http://geoserver.org/comm/userlist-guidelines.html
If you want to request a feature or an improvement, also see this:
https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
