CORS - Tomcat - Geoserver

user1680784 picture user1680784 · Mar 12, 2014 · Viewed 24.3k times · Source

All, I am trying to get CORS enabled on Tomcat 7.0.52 for Geoserver.

I modified web.xml in conf in tomcat, as specified in http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter

But, that did not help set cross-origins in the header. I even tried it for geoserver web-inf/web.xml which did not help.

Any suggestions are appreciated.

Thanks!

Answer

jgrocha picture jgrocha · Jul 29, 2014

I need to do the same to avoid the usage of a proxy in OpenLayers.

Since I'm running Ubuntu 12.04, I've installed Tomcat 7.0.55, instead of the default 7.0.26 (installed from packages).

To add CORS headers, I simply added to $CATALINA_HOME/conf/web.xml the following lines:

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

and then restart tomcat.

For example, when I try to fetch from Geoserver the URL http://development.localhost.lan/geoserver/wfs from my application running on http://localhost:3000 I get the following headers:

Requested headers:

POST /geoserver/wfs HTTP/1.1
Host: development.localhost.lan
Origin: http://localhost:3000
X-Requested-With: XMLHttpRequest
(...)

Response headers:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:3000
Connection:Keep-Alive
Content-Disposition:inline; filename=geoserver-GetFeature.text
Content-Encoding:gzip
Content-Length:469
Content-Type:text/xml; subtype=gml/3.1.1
Date:Tue, 29 Jul 2014 21:31:08 GMT
Keep-Alive:timeout=5, max=100
Server:Apache-Coyote/1.1

This worked with Chrome (Ver. 35.0.1916.153) and Firefox (Ver. 31.0).