[Open.ogc] CORS Support for services.ogc.noaa.gov

Tim Haverland - NOAA Federal tim.haverland at noaa.gov
Tue Jun 18 18:41:50 UTC 2013 

I don't know the inner workings of our content management system, so not
sure what's sending the x-requested-with header; however, I read that this
is pretty common with Ajax requests, especially from jQuery.


On Tue, Jun 18, 2013 at 2:22 PM, Micah Wengren <micah.wengren at noaa.gov>wrote:

>  Hi open.ogc at list.woc.noaa.gov,
>
> I'm sending this thread I've been on with Tim back to the email list to
> see if we can expedite troubleshooting what the issue is with a CORS
> request from Tim's development server to services.ogc.noaa.gov. He's
> connecting from:
>
> http://triggerfish2.nmfs.noaa.gov:9992
>
> and trying to display one of our services on an OpenLayers map (and do a
> GetFeatureInfo request, which leads to the need  for CORS support).
>
>
> I don't really have the answer to his question, anyone at the WOC know
> about accepting non-standard headers?
>
> Tim, do you know why this header is required from your side, and what the
> server should be doing with it?
>
> Thanks,
> Micah
>
> On 6/18/2013 2:05 PM, Tim Haverland - NOAA Federal wrote:
>
> Yeah, doesn't look like the port is an issue, however, my request is sent
> with these headers:
>
>
>    1. Access-Control-Request-Headers:
>    origin, x-requested-with
>
>
>  I've read that the server may need to accept "non-standard" headers. x-requested-with is
> a non-standard header. Is this accepted on the server side?
>
>  Tim
>
>
> On Tue, Jun 18, 2013 at 1:35 PM, Tim Haverland - NOAA Federal <
> tim.haverland at noaa.gov> wrote:
>
>> yes, response header says:
>>
>>    1. Access-Control-Allow-Origin:
>>    *.noaa.gov
>>
>>
>>
>> On Tue, Jun 18, 2013 at 1:32 PM, Micah Wengren - NOAA Federal <
>> micah.wengren at noaa.gov> wrote:
>>
>>> Hi Tim,
>>>
>>> I don't know what bearing ports have on CORS.  Everything from noaa.govshould be allowed though.  If you examine http headers with firebug or
>>> something you should be able to see the rule Chi added in the header list.
>>>  I believe he would have added it for both http and https, but I'd have to
>>> check. Not at my machine right now. It's more important for http in this
>>> case...
>>>
>>> Micah
>>>
>>>
>>>
>>> On Tuesday, June 18, 2013, Tim Haverland - NOAA Federal <
>>> tim.haverland at noaa.gov> wrote:
>>> > Micah, is CORS supported on the production version of geoserver? I'm
>>> trying to implement my map in our content management system, and get the
>>> following error:
>>> > Origin http://triggerfish2.nmfs.noaa.gov:9992 is not allowed by
>>> Access-Control-Allow-Origin.
>>> >
>>> > Maybe it's the port that's throwing things off?
>>> > Tim
>>> >
>>> > On Thu, Jun 13, 2013 at 1:27 PM, Micah Wengren - NOAA Federal <
>>> micah.wengren at noaa.gov> wrote:
>>> >>
>>> >> Hi Tim,
>>> >>
>>> >> We have *.noaa.gov enabled anyway for CORS support now.  If you can
>>> copy your openlayers page to your dev server and test it out and let me
>>> know if it works, that would be great. Whenever you get a chance, no rush.
>>> >>
>>>
>>
>


-- 
*Tim Haverland*
Acting Operations Branch Chief
NOAA Fisheries Office of Science and Technology
1315 East-West Highway
SSMC3 Rm 12303
Silver Spring, MD 20910
301-427-8137
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.woc.noaa.gov/pipermail/open.ogc/attachments/20130618/066b6f11/attachment.html>

More information about the Open.ogc mailing list