CORS - Tomcat - Geoserver

Question

All, I am trying to get CORS enabled on Tomcat 7.0.52 for Geoserver.

I modified web.xml in conf in tomcat, as specified in http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter

But, that did not help set cross-origins in the header. I even tried it for geoserver web-inf/web.xml which did not help.

Any suggestions are appreciated.

Thanks!

Answer 1

I need to do the same to avoid the usage of a proxy in OpenLayers.

Since I'm running Ubuntu 12.04, I've installed Tomcat 7.0.55, instead of the default 7.0.26 (installed from packages).

To add CORS headers, I simply added to $CATALINA_HOME/conf/web.xml the following lines:

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

and then restart tomcat.

For example, when I try to fetch from Geoserver the URL http://development.localhost.lan/geoserver/wfs from my application running on http://localhost:3000 I get the following headers:

Requested headers:

POST /geoserver/wfs HTTP/1.1
Host: development.localhost.lan
Origin: http://localhost:3000
X-Requested-With: XMLHttpRequest
(...)

Response headers:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:3000
Connection:Keep-Alive
Content-Disposition:inline; filename=geoserver-GetFeature.text
Content-Encoding:gzip
Content-Length:469
Content-Type:text/xml; subtype=gml/3.1.1
Date:Tue, 29 Jul 2014 21:31:08 GMT
Keep-Alive:timeout=5, max=100
Server:Apache-Coyote/1.1

This worked with Chrome (Ver. 35.0.1916.153) and Firefox (Ver. 31.0).

Answer 2

I needed to add the following to the CorsFilter to make sure that the preflight 'OPTIONS' request was allowed

<init-param>
  <param-name>cors.allowed.methods</param-name>
  <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>

Answer 3

In my case I was using kartoza/geoserver docker image and I had to download the GeoServer war file from the GeoServer website (for the version used in the docker image) and added the geoserver.war file to the directory /usr/local/tomcat/webapps/ and restarted tomcat.

Only with this configuration above, I managed to enable CORS. Only adding the corsFilter code to web.xml and restarting tomcat, it was resulting in a 404 error when accessing GeoServer. So after adding the war file, the corsFilter code is recognised and it works well.

I hope this helps someone with a similar error.