How to enable Cross-Origin Resource Sharing (CORS)

The Same Origin Policy enforced by browsers is designed to prevent a malicious script from one server from accessing sensitive data on a different server.

But if you want your GeoServer to be usable outside of your own domain, you will want to enable Cross-Origin Resource Sharing (CORS).

Note

These instructions will cover Tomcat only.

  1. Edit the file $CATALINA_BASE/conf/web.xml (typically /etc/tomcat8/web.xml).

  2. Add the following filter:

    <filter>
      <filter-name>CorsFilter</filter-name>
      <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
      <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
      </init-param>
      <init-param>
        <param-name>cors.allowed.methods</param-name>
        <param-value>GET,POST,HEAD,OPTIONS,PUT</param-value>
      </init-param>
      <init-param>
        <param-name>cors.exposed.headers</param-name>
        <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Methods</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>CorsFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
    
  3. Save the file and restart the server.
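
The filter in step 2 allows every origin (`*`) and includes PUT. Where only known web applications need cross-origin access, the same Tomcat filter can be limited to those origins, as in this added example (not part of the original instructions). The two example.org origins are placeholders, and the read-only method list assumes browser clients only fetch data.

```xml
<!-- Added example: CorsFilter restricted to named origins.
     The example.org origins below are placeholders; replace with your own. -->
<filter>
  <filter-name>CorsFilter</filter-name>
  <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
  <init-param>
    <!-- Comma-separated list of exact origins (scheme://host[:port]); no wildcard -->
    <param-name>cors.allowed.origins</param-name>
    <param-value>https://maps.example.org,https://portal.example.org</param-value>
  </init-param>
  <init-param>
    <!-- Read-only methods; add POST or PUT only if browser clients need them cross-origin -->
    <param-name>cors.allowed.methods</param-name>
    <param-value>GET,HEAD,OPTIONS</param-value>
  </init-param>
  <init-param>
    <!-- Request headers a browser may send on cross-origin requests -->
    <param-name>cors.allowed.headers</param-name>
    <param-value>Origin,Accept,Content-Type,X-Requested-With</param-value>
  </init-param>
  <init-param>
    <!-- Keep cookies and HTTP authentication out of cross-origin requests -->
    <param-name>cors.support.credentials</param-name>
    <param-value>false</param-value>
  </init-param>
  <init-param>
    <!-- Seconds a browser may cache the preflight (OPTIONS) response -->
    <param-name>cors.preflight.maxage</param-name>
    <param-value>1800</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CorsFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
```

After restarting, a request carrying an `Origin` header from one of the listed origins should receive a matching `Access-Control-Allow-Origin` response header, while a request from any other origin should not.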

For more information see: