Geographic Information Systems Asked by user255480 on October 16, 2020
I’m running a GeoServer 2.17.1 that is sitting behind a proxy that handles the TLS termination and send the HTTP traffic to GeoServer.
The issue is that when I’m accessing trough HTTPS to the web admin interface, I can’t make any change that contains a form as I get an HTTP 403 response. But doing the same trough plain HTTP the requests return OK
My first thought was that it had to be an issue with the Origin beeing now https://mydomain.com instead of http://mydomain.com and also found this link in the documentation about CSRF Protection and issues with proxies.
Adding the environment variable GEOSERVER_CSRF_WHITELIST that it mentions, solved this issue.
But now I wanted to add a CORS policy, so I added
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Origin,Access-Control-Request-Method,Content-Type,X-Requested-With,Accept,Access-Control-Request-Headers</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
To /usr/local/tomcat/conf/web.xml. The cors filter worked, but once added the issue with the forms and receiving 403 returned.
I’ve been testing this but it seems to that these two configurations are conflicting with each other. AS they work separately but not in tandem
I’ve also tried with other GeoServer version (2.16.4) but the issue remains
Anyone can help me understanding why this can be happening? I would like to enable HTTP -> HTTPS redirection but this issue is preventing me from doing that
Edit:
Adding logs:
logs for configuration with CORS in /usr/local/tomcat/conf/web.xml
and the env variable
logs for config with only the env variable
And the tomcat access log that show the 403 when trying to a add a new workspace
[...]
172.20.0.5 - - [06/Aug/2020:08:12:19 +0000] "GET /geoserver/web/wicket/bookmarkable/org.geoserver.web.data.workspace.WorkspaceNewPage HTTP/1.0" 302 -
172.20.0.5 - - [06/Aug/2020:08:12:19 +0000] "GET /geoserver/web/wicket/bookmarkable/org.geoserver.web.data.workspace.WorkspaceNewPage?6 HTTP/1.0" 200 4970
172.20.0.5 - - [06/Aug/2020:08:12:20 +0000] "POST /geoserver/web/wicket/bookmarkable/org.geoserver.web.data.workspace.WorkspaceNewPage?6-1.IFormSubmitListener-form HTTP/1.0" 403 -
172.20.0.5 - - [06/Aug/2020:08:12:22 +0000] "GET /geoserver/web/wicket/bookmarkable/org.geoserver.web.data.workspace.WorkspaceNewPage?6 HTTP/1.0" 200 4970
To summarize, I want to enable CORS and to use the web admin interface trough HTTPS, for this I tried different configs:
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP