How to enable Cross-Origin Resource Sharing (CORS)??

The Same Origin Policy enforced by browsers is designed to prevent a malicious script from one server being able to access sensitive data on a different server.

But if you want your GeoServer to be usable outside of your own domain, you will want to enable Cross-Origin Resource Sharing (CORS).



Your copy of Jetty in OpenGeo Suite should include a file called jetty-servlets.jar, found in your jetty/lib directory. If not, it will need to be downloaded separately.

Target directories:

  • Windows: C:\Program Files (x86)\Boundless\OpenGeo\jetty\lib
  • OS X: /Users/<user>/Library/Application Support/GeoServer/jetty/lib
  1. Edit your GeoServer web.xml file (inside webapps/geoserver/WEB-INF) and add the following content:

    <web-app ...>
  2. Save this file.

  3. Restart GeoServer.