Reputation: 10802
I have a GeoServer application, running on top of Tomcat. What I want is to set one extra response header - Access-Control-Allow-Origin: *. I need this because now I cannot implement one feature in my map application, since in the browser I get the message "The operation is insecure".
According to this thread, I need to set this header: "Access-Control-Allow-Origin: *"
and according to this thread in Tomcat I can set it via CATALINA_HOME/conf/web.xml:
<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
I did exactly that, restarted Tomcat, but I still do not see that header in the response. This is what the server responds to the client:
So, how can I fix it? How can I force my GeoServer application (third party application) to respond with "Access-Control-Allow-Origin: *"?
EDIT
I should add, that I'm using Tomcat 8. Besides, my filter now looks like:
<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
I added this filter both to the main web.xml and to the web.xml of the application, but to no avail. So, it seems like all previous solutions to this problem are outdated.
Upvotes: 5
Views: 20615
Reputation: 43
Make sure when testing you are adding an Origin header to the request. Otherwise CORS response headers won't be returned. This will be done by the browser with any actual cross origin requests.
Upvotes: 0
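The check described in the answer above, as an added example that is not part of the original post: a probe that requests a URL with and without an Origin header and reports the Access-Control-Allow-Origin value it gets back. The local stand-in server, the /geoserver/wms path and the http://map.example origin are constructed so the script runs offline; call cors_probe with your own GeoServer URL to test the real filter.

```python
import http.server
import threading
import urllib.request

# Ignore any system proxy so the loopback demo stays local.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def cors_probe(url, origin=None):
    """GET url, optionally with an Origin header; return the ACAO value or None."""
    req = urllib.request.Request(url)
    if origin is not None:
        req.add_header("Origin", origin)
    with _opener.open(req, timeout=5) as resp:
        return resp.headers.get("Access-Control-Allow-Origin")

def describe(acao):
    """Turn the observed header value into a finding a reviewer can act on."""
    if acao is None:
        return "no CORS header returned"
    if acao.strip() == "*":
        return "any origin may read this response"
    return "readable only by " + acao

class StandInHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for an app behind a CORS filter that allows '*':
    the header is emitted only when the request carries an Origin header."""
    def do_GET(self):
        self.send_response(200)
        if self.headers.get("Origin"):
            self.send_header("Access-Control-Allow-Origin", "*")
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"ok")

    def log_message(self, *args):  # keep the demo output quiet
        pass

def demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), StandInHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/geoserver/wms" % server.server_port  # hypothetical path
    try:
        return cors_probe(url), cors_probe(url, origin="http://map.example")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for label, value in zip(("without Origin", "with Origin"), demo()):
        print(label + ":", describe(value))
```

A missing header on the request without Origin is expected and does not mean the filter is inactive; a `*` on the request with Origin means every website can read the responses from a visitor's browser.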
Reputation: 39
I have just had the same problem and my solution was to add that code you mentioned in the geoserver web.xml.
That was enough to solve the problem. No need to change anything in Tomcat.
So just do:
CORS * for GeoServer with Tomcat: add the following to /var/lib/tomcat7/webapps/geoserver/WEB-INF/web.xml
<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <param-name>cors.allowed.origins</param-name>
    <param-value>*</param-value>
  </init-param>
  <init-param>
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
At the end just restart Tomcat (sudo systemctl restart tomcat.service)
Upvotes: 3