GeoServer WMS – Troubleshooting CORS Enabled in web.xml Errors

corsgeoserverjettywms

I have tried both geoserver 2.12.5 and 2.13.2 with CORS enabled and on both i get an "Invalid CORS request" when accessing WMS from an external webapp.

steps :

  1. install geoserver, port 8095, i have tried both Linux and Windows
  2. enable CORS in web.xml
  3. restart
  4. access WMS from an angular app that runs on 9000 -> CORS Error
  5. the same call in a separate tab is getting a json response with the expected data

Accessing it through geoserver "preview layers" is working,
(also the GetFeatureInfo-call as there it is not a CORS-call)

I am using the sample layer nurc:Img_Sample

Using a different IP than 127.0.0.1 does not change anything.

http://127.0.0.1:8095/geoserver/nurc/wms?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetFeatureInfo&layers=nurc:Img_Sample&time=2018-08-15/2018-09-03&info_format=application/json&BBOX=-523.3886718750001,18.97902595325528,-406.14257812500006,69.3493386397765&FEATURE_COUNT=5&HEIGHT=890&WIDTH=1334&query_layers=nurc:Img_Sample&SRS=EPSG:4326&buffer=15&X=1127&Y=415

This was working in an older version (from 2017 – so maybe 2.11 ?, or did the browsers checks change ?)

From Chrome :

Request Method: OPTIONS
Status Code: 403 Forbidden
Remote Address: 127.0.0.1:8095
Referrer Policy: no-referrer-when-downgrade

Response Headers :

Allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Content-Length: 20
Server: Jetty(9.2.13.v20150730)
X-Frame-Options: SAMEORIGIN

!Provisional headers are shown
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Origin: http://localhost:9000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36

From the console :

`
zone.js:2224 OPTIONS http://127.0.0.1:8095/geoserver/nurc/wms?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetFeatureInfo&layers=nurc:Img_Sample&time=2018-08-15/2018-09-03&info_format=application/json&BBOX=-523.3886718750001,18.97902595325528,-406.14257812500006,69.3493386397765&FEATURE_COUNT=5&HEIGHT=890&WIDTH=1334&query_layers=nurc:Img_Sample&SRS=EPSG:4326&buffer=15&X=1127&Y=415 403 (Forbidden)

zone.js:2224 OPTIONS http://127.0.0.1:8095/geoserver/nurc/wms?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetFeatureInfo&layers=nurc:Img_Sample&time=2018-08-15/2018-09-03&info_format=application/json&BBOX=-523.3886718750001,18.97902595325528,-406.14257812500006,69.3493386397765&FEATURE_COUNT=5&HEIGHT=890&WIDTH=1334&query_layers=nurc:Img_Sample&SRS=EPSG:4326&buffer=15&X=1127&Y=415 403 (Forbidden)

Failed to load http://127.0.0.1:8095/geoserver/nurc/wms?SERVICE=WMS&VERSION=1.1.1&REQUEST=GetFeatureInfo&layers=nurc:Img_Sample&time=2018-08-15/2018-09-03&info_format=application/json&BBOX=-523.3886718750001,18.97902595325528,-406.14257812500006,69.3493386397765&FEATURE_COUNT=5&HEIGHT=890&WIDTH=1334&query_layers=nurc:Img_Sample&SRS=EPSG:4326&buffer=15&X=1127&Y=415: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:9000' is therefore not allowed access.

01:00:35.526 vendor.dll.js:8 ERROR HttpErrorResponse {headers: HttpHeaders, status: 0, statusText: "Unknown Error", url: null, ok: false, …}

`

Any ideas what the issue is here ?

Best Answer

Add the following in web.xml file under cross-origin filter-name

<init-param>
       <param-name>allowedOrigins</param-name>
       <param-value>*</param-value>
   </init-param>
   <init-param>
       <param-name>allowedMethods</param-name>
       <param-value>GET,POST,OPTIONS,DELETE,PUT,HEAD</param-value>
   </init-param>
   <init-param>
       <param-name>allowedHeaders</param-name>
       <param-value>origin, content-type, accept, authorization</param-value>
   </init-param>
Related Question