CORS - Tomcat - Geoserver

Question

All, I am trying to get CORS enabled on Tomcat 7.0.52 for Geoserver.

I modified web.xml in conf in tomcat, as specified in http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter

But, that did not help set cross-origins in the header. I even tried it for geoserver web-inf/web.xml which did not help.

Any suggestions are appreciated.

Thanks!

Given that there is no such Tomcat version as 7.0.57, which version are you actually using? Exactly what did you add to exactly which web.xml file(s). — Mark Thomas, Mar 12 '14 at 20:49
For testing purposes, it is the xml piece under "Here's an example of a more advanced configuration, that overrides defaults:" in the above link. I understand that would be wide open, but after testing, it can be modified to a more appropriate one. — user1680784, Mar 13 '14 at 21:41
And you added that text to which XML file? You need to answer *all* of the questions people ask. — Mark Thomas, Mar 13 '14 at 21:50
Tomcat\conf -> web.xml for all web applications. I even tried GeoServer WEB-LIB\web.xml to get it working! — user1680784, Mar 14 '14 at 23:10
WEB-LIB\xml? Really? I'd suggest enabling debug logging but a quick scan of the code suggests that won't tell you anything useful. Are upi able to do remote debugging of the Tomcat instance? — Mark Thomas, Mar 15 '14 at 19:09

score 49 · Accepted Answer · answered Jul 29 '14 at 21:51

I need to do the same to avoid the usage of a proxy in OpenLayers.

Since I'm running Ubuntu 12.04, I've installed Tomcat 7.0.55, instead of the default 7.0.26 (installed from packages).

To add CORS headers, I simply added to $CATALINA_HOME/conf/web.xml the following lines:

<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

and then restart tomcat.

For example, when I try to fetch from Geoserver the URL http://development.localhost.lan/geoserver/wfs from my application running on http://localhost:3000 I get the following headers:

Requested headers:

POST /geoserver/wfs HTTP/1.1
Host: development.localhost.lan
Origin: http://localhost:3000
X-Requested-With: XMLHttpRequest
(...)

Response headers:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:3000
Connection:Keep-Alive
Content-Disposition:inline; filename=geoserver-GetFeature.text
Content-Encoding:gzip
Content-Length:469
Content-Type:text/xml; subtype=gml/3.1.1
Date:Tue, 29 Jul 2014 21:31:08 GMT
Keep-Alive:timeout=5, max=100
Server:Apache-Coyote/1.1

This worked with Chrome (Ver. 35.0.1916.153) and Firefox (Ver. 31.0).

For me the file was `/var/lib/tomcat7/webapps/geoserver/WEB-INF/web.xml` — Terry Brown, Aug 05 '15 at 17:18
For me the file was /var/lib/tomcat8/webapps/geoserver/WEB-INF/web.xml. It resolved the issue at last Thanks @jgrocha and **Terry Brown**. — Awais Khan, Jul 31 '19 at 07:23

score 6 · Answer 2 · answered Mar 25 '15 at 15:44

6

I needed to add the following to the CorsFilter to make sure that the preflight 'OPTIONS' request was allowed

<init-param>
  <param-name>cors.allowed.methods</param-name>
  <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
</init-param>

answered Mar 25 '15 at 15:44

stvn

105
1
6

This is useful addendum to the answer given by @jgrocha if other methods are required. – sbk Oct 05 '16 at 03:44

score 2 · Answer 3 · answered Apr 09 '20 at 00:03

In my case I was using kartoza/geoserver docker image and I had to download the GeoServer war file from the GeoServer website (for the version used in the docker image) and added the geoserver.war file to the directory /usr/local/tomcat/webapps/ and restarted tomcat.

Only with this configuration above, I managed to enable CORS. Only adding the corsFilter code to web.xml and restarting tomcat, it was resulting in a 404 error when accessing GeoServer. So after adding the war file, the corsFilter code is recognised and it works well.

I hope this helps someone with a similar error.

score -1 · Answer 4 · edited Jul 14 '17 at 07:26

Hey Guys After adding this script in web.xml

<filter>
    <filter-name>cross-origin</filter-name>
    <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
    <init-param>
        <param-name>allowedOrigins</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>allowedMethods</param-name>
        <param-value>*</param-value>
    </init-param>
    <init-param>
        <param-name>allowedHeaders</param-name>
        <param-value>*</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>cross-origin</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

please change the url in your ajax like this

var boxsource = new ol.source.Vector({
        //url: '{{ resource.ows_url|safe }}',
        url: 'http://localhost:8080/geoserver/wfs?srsName=EPSG%3A4326&typename=cite:box&outputFormat=json&version=1.1.0&service=WFS&request=GetFeature',
        format: new ol.format.GeoJSON(),

        params: {'LAYERS': '{{ resource.typename }}'},
        //STYLES:{'LAYERS': '{{ resource.typename }}'}

    });

then it will be okey. I promise

don't add the **jetty** servlet to a **tomcat** install – Ian Turton Mar 12 '20 at 13:30 — Ian Turton, Mar 12 '20 at 13:30

CORS - Tomcat - Geoserver

4 Answers4

Linked