[Geoserver-devel] [JIRA] (GEOS-11052) Default config files do not indicate correctly how to setup the CORS filter

Wed, 05 Jul 2023 02:52:47 -0700 

Robin KERDILES ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=61f12e4e875fc100703d9b67
 ) *created* an issue

GeoServer ( 
https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiODQyMWQzMDQ4NTA4NDM2MmE3YmMwMWRmNzcyMGNmMTIiLCJwIjoiaiJ9
 ) / Bug ( 
https://osgeo-org.atlassian.net/browse/GEOS-11052?atlOrigin=eyJpIjoiODQyMWQzMDQ4NTA4NDM2MmE3YmMwMWRmNzcyMGNmMTIiLCJwIjoiaiJ9
 ) GEOS-11052 ( 
https://osgeo-org.atlassian.net/browse/GEOS-11052?atlOrigin=eyJpIjoiODQyMWQzMDQ4NTA4NDM2MmE3YmMwMWRmNzcyMGNmMTIiLCJwIjoiaiJ9
 ) Default config files do not indicate correctly how to setup the CORS filter 
( 
https://osgeo-org.atlassian.net/browse/GEOS-11052?atlOrigin=eyJpIjoiODQyMWQzMDQ4NTA4NDM2MmE3YmMwMWRmNzcyMGNmMTIiLCJwIjoiaiJ9
 )

Issue Type: Bug Affects Versions: 2.22.5 Assignee: Unassigned Components: 
Documentation Created: 05/Jul/23 11:51 AM Environment:

Geoserver container behind a reverse proxy which is terminating the connexion 
over TLS.
Headers are transmitted (X-Forwaded-*)

Priority: Low Reporter: Robin KERDILES ( 
https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=61f12e4e875fc100703d9b67
 )

The default file web.xml has a wrong order in the filters if we want to add 
CORS.
There is a conflict with spring security and the login is impossible unless I 
add the CORS filter as the last filter.
The first filter made me think that the order of the filters provided as a 
comment block for the CORS was important as well.

   <!--
     THIS FILTER MAPPING MUST BE THE FIRST ONE, otherwise we end up with ruined 
chars in the input from the GUI
     See the "Note" in the Tomcat character encoding guide:
     http://wiki.apache.org/tomcat/FAQ/CharacterEncoding
   -->
   <filter-mapping>
     <filter-name>Set Character Encoding</filter-name>
     <url-pattern>/*</url-pattern>
   </filter-mapping>

  <!-- Uncomment following filter to enable CORS
   <filter-mapping>
       <filter-name>cross-origin</filter-name>
       <url-pattern>/*</url-pattern>
   </filter-mapping>
   -->

Here is the diff file with a working configuration for my specific environment

--- web.xml.orig
+++ web.xml
@@ -156,25 +156,31 @@
      </init-param>
    </filter>
    -->
-
-   <!-- Uncomment following filter to enable CORS in Tomcat. Do not forget the 
second config block further down.
+
    <filter>
-      <filter-name>cross-origin</filter-name>
+      <filter-name>DockerGeoServerCorsFilter</filter-name>
      <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
      <init-param>
-        <param-name>cors.allowed.origins</param-name>
-        <param-value>*</param-value>
+          <param-name>cors.allowed.origins</param-name>
+          
<param-value>https://sequoia.aubepine.emanrisk.net,https://sequoia.chene.emanrisk.net,https://sequoia.maite.emanrisk.net</param-value>
      </init-param>
      <init-param>
-        <param-name>cors.allowed.methods</param-name>
-        <param-value>GET,POST,PUT,DELETE,HEAD,OPTIONS</param-value>
+          <param-name>cors.allowed.methods</param-name>
+          <param-value>GET,POST,PUT,DELETE,HEAD,OPTIONS</param-value>
      </init-param>
      <init-param>
-        <param-name>cors.allowed.headers</param-name>
-        <param-value>*</param-value>
+          <param-name>cors.allowed.headers</param-name>
+          
<param-value>Authorization,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
      </init-param>
+      <init-param>
+          <param-name>cors.exposed.headers</param-name>
+          
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
+      </init-param>
+      <init-param>
+        <param-name>cors.support.credentials</param-name>
+        <param-value>true</param-value>
+      </init-param>
    </filter>
-    -->

    <!--
      THIS FILTER MAPPING MUST BE THE FIRST ONE, otherwise we end up with 
ruined chars in the input from the GUI
@@ -236,6 +242,11 @@
      <url-pattern>/*</url-pattern>
    </filter-mapping>

+    <filter-mapping>
+      <filter-name>DockerGeoServerCorsFilter</filter-name>
+      <url-pattern>/*</url-pattern>
+    </filter-mapping>
+
    <!-- general initializer, should be first thing to execute -->
    <listener>
      
<listener-class>org.geoserver.GeoserverInitStartupListener</listener-class>

( 
https://osgeo-org.atlassian.net/browse/GEOS-11052#add-comment?atlOrigin=eyJpIjoiODQyMWQzMDQ4NTA4NDM2MmE3YmMwMWRmNzcyMGNmMTIiLCJwIjoiaiJ9
 ) Add Comment ( 
https://osgeo-org.atlassian.net/browse/GEOS-11052#add-comment?atlOrigin=eyJpIjoiODQyMWQzMDQ4NTA4NDM2MmE3YmMwMWRmNzcyMGNmMTIiLCJwIjoiaiJ9
 )

Get Jira notifications on your phone! Download the Jira Cloud app for Android ( 
https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail
 ) or iOS ( 
https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8
 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100229- 
sha1:634ba05 )
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel














    











					Reply via email to