search

Unidata / thredds

THREDDS Data Server v4.6
https://www.unidata.ucar.edu/software/tds/v4.6/index.html
265 stars 179 forks source link

Cross-Origin Read Blocking (CORB) blocked cross-origin response thredds #1335

Open mostafahadizadeh1991 opened 4 years ago

mostafahadizadeh1991 commented 4 years ago

Hi dear, I have an issue about cros.

I tried to get this link using ajax (http://192.168.229.94:8080/thredds/wms/testAll/GFS202009060000?service=WMS&version=1.3.0&REQUEST=GetMetadata&item=minmax&LAYERS=HGT&SRS=EPSG%3A4326&BBOX=50.4,38,56.8,44.4&WIDTH=256&HEIGHT=256&callback=jQuery3410787186710990256_1599400222381&_=1599400222382)

But I've got the following error:

Cross-Origin Read Blocking (CORB) blocked cross-origin response http://192.168.229.94:8080/thredds/wms/testAll/GFS202009060000?service=WMS&version=1.3.0&REQUEST=GetMetadata&item=minmax&LAYERS=HGT&SRS=EPSG%3A4326&BBOX=50.4,38,56.8,44.4&WIDTH=256&HEIGHT=256&callback=jQuery3410787186710990256_1599400222381&_=1599400222382 with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.

I added the following line in the usr/local/tds/tomcat/conf/web.xml

    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
            <param-name>cors.allowed.methods</param-name>
            <param-value>GET,POST,HEAD</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>CorsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Also I did uncomment the the following line in the /usr/local/tds/tomcat/content/thredds/threddsconfig.xml

  <CORS>
    <enabled>false</enabled>
    <maxAge>1728000</maxAge>
    <allowedMethods>GET</allowedMethods>
    <allowedHeaders>Authorization</allowedHeaders>
    <allowedOrigin>*</allowedOrigin>
  </CORS>

But I receive this error again. How can I solve my issue.

Thanks

mostafahadizadeh1991 commented 4 years ago

Hi again all, It should be noted that when I try to get response from socib thredds then the followoing error released:

My JavaScript code:

$.ajax({
    url: 'http://thredds.socib.es/thredds/wms/operational_models/oceanographical/hydrodynamics/model_run_aggregation/wmop_3d/runs/wmop_3d_RUN_2020-09-06T00:00:00Z?LAYERS=sst_gradients&ELEVATION=0&TIME=2020-09-06T12%3A00%3A00.000Z&TRANSPARENT=true&COLORSCALERANGE=-50%2C50&NUMCOLORBANDS=20&LOGSCALE=false&SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMetadata&item=minmax&FORMAT=image%2Fpng&SRS=EPSG%3A4326&BBOX=-5.6843418860808e-14,37.5,7.4999999999999,45&WIDTH=256&HEIGHT=256',
    type: 'GET',
    dataType: 'json',
    success: function(result) {
        console.log("yesss")
    }
});

The result:

scheme http host thredds.socib.es filename /thredds/wms/operational_models/oceanographical/hydrodynamics/model_run_aggregation/wmop_3d/runs/wmop_3d_RUN_2020-09-06T00:00:00Z LAYERS sst_gradients ELEVATION 0 TIME 2020-09-06T12:00:00.000Z TRANSPARENT true COLORSCALERANGE -50,50 NUMCOLORBANDS 20 LOGSCALE false SERVICE WMS VERSION 1.1.1 REQUEST GetMetadata item minmax FORMAT image/png SRS EPSG:4326 BBOX -5.6843418860808e-14,37.5,7.4999999999999,45 WIDTH 256 HEIGHT 256 Address 130.206.32.69:80 Status 403

Can anyone help me to solve this problem?

Cheers,

Mostafa

lesserwhirls commented 4 years ago

It is quite possible that the CORS settings from tomcat and the CORS settings in the TDS are interfering with each other. I would recommend not using the TDS CORS settings and putting them in place higher in the stack, such as in Tomcat. As always, when dealing with CORS in production, make sure to consult the person or group in charge of the network and domain on how best it should be implemented. Having CORS headers show up on network scans without notice usually leads to bad times.