CORS configuration doesn't seem to be working
zachsa opened this issue · comments
Hi,
Using v5.4, I have this in my threddsConfig.xml:
<CORS>
<enabled>true</enabled>
<maxAge>1728000</maxAge>
<allowedMethods>OPTIONS,GET</allowedMethods>
<allowedHeaders>Access-Control-Allow-Headers,Access-Control-Allow-Origin,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,credentials,Authorization</allowedHeaders>
<allowedOrigin>*</allowedOrigin>
</CORS>
However on my JavaScript site I see this error when trying to access the WMS server (the same request succeeds in Chrome with security disabled):
Access to fetch at 'https://thred...' from origin 'http://localhost:3001' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I have deployed THREDDS behind an Nginx reverse proxy with a similar configuration to many other apps and CORS works as expected, so I think this is something to do with either the Tomcat or THREDDS server.
Please let me know if I am configuring CORS incorrectly for this Docker image.
I had to overwrite the Tomcat web.xml file to get CORS to work in the Docker container. The THREDDS config regarding this don't seem to do anything
Closing since there has been no activity here in a while.