How to enable Cross-Origin Resource Sharing (CORS)

The Same Origin Policy enforced by browsers is designed to prevent a malicious script from one server being able to access sensitive data on a different server.

But if you want your GeoServer to be usable outside of your own domain, you will want to enable Cross-Origin Resource Sharing (CORS).

Note

These instructions will cover Tomcat only.

  1. Edit the file $CATALINA_BASE/conf/web.xml (typically /etc/tomcat8/web.xml) .

  2. Add the following filter:

    <filter>
      <filter-name>CorsFilter</filter-name>
      <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>CorsFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
    
  3. Save the file and restart the server.

For more information see: