How to enable Cross-Origin Resource Sharing (CORS)??

The Same Origin Policy enforced by browsers is designed to prevent a malicious script from one server being able to access sensitive data on a different server.

But if you want your GeoServer to be usable outside of your own domain, you will want to enable Cross-Origin Resource Sharing (CORS).

Jetty??

Note

Your copy of Jetty in OpenGeo Suite should include a file called jetty-servlets.jar, found in your jetty/lib directory. If not, it will need to be downloaded separately.

Target directories:

  • Windows: C:\Program Files (x86)\Boundless\OpenGeo\jetty\lib
  • OS X: /Users/<user>/Library/Application Support/GeoServer/jetty/lib
  1. Edit your GeoServer web.xml file (inside webapps/geoserver/WEB-INF) and add the following content:

    <web-app ...>
        ...
        <filter>
            <filter-name>cross-origin</filter-name>
            <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
        </filter>
        ...
        <filter-mapping>
            <filter-name>cross-origin</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        ...
    </web-app>
    
  2. Save this file.

  3. Restart GeoServer.