[Open.ogc] CORS Support for services.ogc.noaa.gov

Micah Wengren micah.wengren at noaa.gov
Tue Jun 18 20:26:51 UTC 2013


Tim,

I found this: 
http://www.html5rocks.com/en/tutorials/cors/#toc-handling-a-not-so-simple-request

It sounds like jQuery or some part of the CMS is trying to ask whether 
the server will accept a header 'x-requested-with'.  I'm sure that's not 
required for OpenLayers, but it's being inserted anyway by some part of 
your site code.  I don't know if that would cause the disallowed origin 
error message you're seeing if the non-standard header isn't supported 
or not, but if it is, there must be some way to disable that within the 
application, or this might get kinda complicated to get working.

Either way, are you sure that the port on your server isn't the issue?
From doing a little reading, it seems that since you're using a 
non-standard port, the 'Origin' header your site will be submitting 
should look like this:

Origin: http://triggerfish2.nmfs.noaa.gov:9992

It's possible that that might not match the rules in our 
'Access-Control-Allow-Origin' setting, if it's only a plain string 
comparison or something that Apache does.

Micah


On 6/18/2013 2:41 PM, Tim Haverland - NOAA Federal wrote:
> I don't know the inner workings of our content management system, so 
> not sure what's sending the x-requested-with header; however, I read 
> that this is pretty common with Ajax requests, especially from jQuery.
>
>
> On Tue, Jun 18, 2013 at 2:22 PM, Micah Wengren
> <micah.wengren at noaa.gov> wrote:
>
>     Hi open.ogc at list.woc.noaa.gov,
>
>     I'm sending this thread I've been on with Tim back to the email
>     list to see if we can expedite troubleshooting what the issue is
>     with a CORS request from Tim's development server to
>     services.ogc.noaa.gov. He's
>     connecting from:
>
>     http://triggerfish2.nmfs.noaa.gov:9992
>
>     and trying to display one of our services on an OpenLayers map
>     (and do a GetFeatureInfo request, which leads to the need for
>     CORS support).
>
>
>     I don't really have the answer to his question, anyone at the WOC
>     know about accepting non-standard headers?
>
>     Tim, do you know why this header is required from your side, and
>     what the server should be doing with it?
>
>     Thanks,
>     Micah
>
>     On 6/18/2013 2:05 PM, Tim Haverland - NOAA Federal wrote:
>>     Yeah, doesn't look like the port is an issue, however, my request
>>     is sent with these headers:
>>
>>         Access-Control-Request-Headers: origin, x-requested-with
>>
>>
>>     I've read that the server may need to accept "non-standard"
>>     headers. x-requested-with is a non-standard header. Is this
>>     accepted on the server side?
>>
>>     Tim
>>
>>
>>     On Tue, Jun 18, 2013 at 1:35 PM, Tim Haverland - NOAA Federal
>>     <tim.haverland at noaa.gov> wrote:
>>
>>         yes, response header says:
>>
>>             Access-Control-Allow-Origin: *.noaa.gov
>>
>>
>>
>>         On Tue, Jun 18, 2013 at 1:32 PM, Micah Wengren - NOAA Federal
>>         <micah.wengren at noaa.gov> wrote:
>>
>>             Hi Tim,
>>
>>             I don't know what bearing ports have on CORS.  Everything
>>             from noaa.gov should be allowed though.
>>             If you examine http headers with firebug or something
>>             you should be able to see the rule Chi added in the
>>             header list.  I believe he would have added it for both
>>             http and https, but I'd have to check. Not at my machine
>>             right now. It's more important for http in this case...
>>
>>             Micah
>>
>>
>>
>>             On Tuesday, June 18, 2013, Tim Haverland - NOAA Federal
>>             <tim.haverland at noaa.gov> wrote:
>>             > Micah, is CORS supported on the production version of
>>             > geoserver? I'm trying to implement my map in our content
>>             > management system, and get the following error:
>>             > Origin http://triggerfish2.nmfs.noaa.gov:9992 is not
>>             > allowed by Access-Control-Allow-Origin.
>>             >
>>             > Maybe it's the port that's throwing things off?
>>             > Tim
>>             >
>>             > On Thu, Jun 13, 2013 at 1:27 PM, Micah Wengren - NOAA
>>             > Federal <micah.wengren at noaa.gov> wrote:
>>             >>
>>             >> Hi Tim,
>>             >>
>>             >> We have *.noaa.gov enabled anyway
>>             >> for CORS support now.  If you can copy your openlayers
>>             >> page to your dev server and test it out and let me know
>>             >> if it works, that would be great. Whenever you get a
>>             >> chance, no rush.
>>             >>
>>
>
>
>
>
> -- 
> *Tim Haverland*
> Acting Operations Branch Chief
> NOAA Fisheries Office of Science and Technology
> 1315 East-West Highway
> SSMC3 Rm 12303
> Silver Spring, MD 20910
> 301-427-8137
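
Added example, not part of the original thread and not the services.ogc.noaa.gov configuration: a simplified JavaScript model of the browser's preflight check, run against the literal `Access-Control-Allow-Origin: *.noaa.gov` value and the `origin, x-requested-with` request headers quoted above, next to a server-side allow-list that echoes a validated origin. The function names and the "any noaa.gov subdomain" policy are assumptions.

```javascript
// Added example. ORIGIN and the header names are quoted in the thread; the
// allow-list policy and function names are assumptions made for illustration.
const ORIGIN = "http://triggerfish2.nmfs.noaa.gov:9992";
const REQUESTED = "origin, x-requested-with";
const ALLOWED_HEADERS = new Set(["origin", "x-requested-with"]);

const parseList = (value) =>
  (value || "").split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);

// Browser side (simplified): Access-Control-Allow-Origin must be "*" or exactly
// the request's Origin string, port included. No wildcard expansion is done.
function browserAcceptsOrigin(origin, allowOrigin) {
  return allowOrigin === "*" || allowOrigin === origin;
}

// Browser side (simplified): every header named in the preflight must be listed.
function browserPreflightPasses(origin, requested, response) {
  if (!response) return false;
  if (!browserAcceptsOrigin(origin, response["Access-Control-Allow-Origin"])) return false;
  const allowed = parseList(response["Access-Control-Allow-Headers"]);
  return parseList(requested).every((h) => allowed.includes(h));
}

// Server side: parse the Origin, match the hostname on a dot boundary so that
// "evilnoaa.gov" and "noaa.gov.example.com" fail, then echo the origin back.
function corsHeadersFor(origin, requested) {
  let url;
  try { url = new URL(origin); } catch (e) { return null; }
  const hostOk = url.hostname === "noaa.gov" || url.hostname.endsWith(".noaa.gov");
  const schemeOk = url.protocol === "http:" || url.protocol === "https:";
  if (!hostOk || !schemeOk || url.origin !== origin) return null;
  const headers = { "Access-Control-Allow-Origin": origin, "Vary": "Origin" };
  const asked = parseList(requested);
  if (asked.length > 0 && asked.every((h) => ALLOWED_HEADERS.has(h))) {
    headers["Access-Control-Allow-Headers"] = asked.join(", ");
  }
  return headers;
}

// The literal value from the thread versus the echoed origin.
console.log(browserPreflightPasses(ORIGIN, REQUESTED,
  { "Access-Control-Allow-Origin": "*.noaa.gov" }));
console.log(browserPreflightPasses(ORIGIN, REQUESTED, corsHeadersFor(ORIGIN, REQUESTED)));
```

`Vary: Origin` is set because the response now differs per requesting origin, which matters to any cache in front of the server.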
