CORS configuration doesn't seem to be working

[zachsa]

Hi,

Using v5.4, I have this in my threddsConfig.xml:

  <CORS>
    <enabled>true</enabled>
    <maxAge>1728000</maxAge>
    <allowedMethods>OPTIONS,GET</allowedMethods>
    <allowedHeaders>Access-Control-Allow-Headers,Access-Control-Allow-Origin,Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers,credentials,Authorization</allowedHeaders>
    <allowedOrigin>*</allowedOrigin>
  </CORS>

However on my JavaScript site I see this error when trying to access the WMS server (the same request succeeds in Chrome with security disabled):

Access to fetch at 'https://thred...' from origin 'http://localhost:3001'  has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I have deployed THREDDS behind an Nginx reverse proxy with a similar configuration to many other apps and CORS works as expected, so I think this is something to do with either the Tomcat or THREDDS server.

Please let me know if I am configuring CORS incorrectly for this Docker image.

[zachsa]

I had to overwrite the Tomcat web.xml file to get CORS to work in the Docker container. The THREDDS config regarding this don't seem to do anything

[julienchastang]

Related.

I had to overwrite the Tomcat web.xml file to get CORS to work in the Docker container. The THREDDS config regarding this don't seem to do anything

Yes, I believe web.xml is where you want this configuration. See here.

[julienchastang]

Closing since there has been no activity here in a while.