[Open.ogc] CORS Support for services.ogc.noaa.gov
Micah Wengren
micah.wengren at noaa.gov
Wed Jun 19 14:51:12 UTC 2013
Hi all,
WOC/Chi, I think if you can for testing purposes, this would require
adding the following config line (per
http://www.html5rocks.com/en/tutorials/cors/#toc-handling-a-not-so-simple-request):
|Access-Control-Allow-Headers: x-requested-with
|If you don't mind adding that, we can do a quick troubleshooting to see
if that fixes the issue. I'm not really sure what the purpose of the
non-standard header is or why it should be required, and in the end you
might end up having to remove that Tim, but it would be good to know if
that's what's causing the request to fail anyway.
The error message Origin http://www.st-test.nmfs.noaa.gov
<http://www.st-test.nmfs.noaa.gov/>is not allowed by
Access-Control-Allow-Originseems to suggest it is still due to an origin
restriction though.
Thanks,
Micah
On 6/18/2013 5:33 PM, Tim Haverland - NOAA Federal wrote:
> OK, I was able to publish my page to our test server, and there's no
> port appended to the origin:
>
> 1.
> Accept:
> */*
> 2.
> Accept-Encoding:
> gzip,deflate,sdch
> 3.
> Accept-Language:
> en-US,en;q=0.8
> 4.
> Access-Control-Request-Headers:
> origin, x-requested-with
> 5.
> Access-Control-Request-Method:
> GET
> 6.
> Cache-Control:
> no-cache
> 7.
> Connection:
> keep-alive
> 8.
> Host:
> services.ogc.noaa.gov <http://services.ogc.noaa.gov>
> 9.
> Origin:
> http://www.st-test.nmfs.noaa.gov
>10.
> Pragma:
> no-cache
>11.
> Referer:
> http://www.st-test.nmfs.noaa.gov/appstech/map-test
>12.
> User-Agent:
> Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/27.0.1453.110 Safari/537.36
>
>
> Still get the error:
>
> Origin http://www.st-test.nmfs.noaa.gov
> <http://www.st-test.nmfs.noaa.gov/>is not allowed by
> Access-Control-Allow-Origin
>
> WOC, can you allow the header x-requested-with to see if that fixes
> the problem?
>
> Tim
>
>
> On Tue, Jun 18, 2013 at 4:26 PM, Micah Wengren <micah.wengren at noaa.gov
> <mailto:micah.wengren at noaa.gov>> wrote:
>
> Tim,
>
> I found this:
> http://www.html5rocks.com/en/tutorials/cors/#toc-handling-a-not-so-simple-request
>
> It sounds like jQuery or some part of the CMS is trying to ask
> whether the server will accept a header 'x-requested-with'. I'm
> sure that's not required for OpenLayers, but it's being inserted
> anyway by some part of your site code. I don't know if that would
> cause the disallowed origin error message you're seeing if the
> non-standard header isn't supported or not, but if it is, there
> must be some way to disable that within the application, or this
> might get kinda complicated to get working.
>
> Either way, are you sure that the port on your server isn't the
> issue? From doing a little reading, it seems that since you're
> using a non-standard port, the 'Origin' header your site will be
> submitting should look like this:
>
> |Origin:http://|triggerfish2.nmfs.noaa.gov:9992 <http://triggerfish2.nmfs.noaa.gov:9992>
>
> It's possible that that might not match the rules in our
> '|Access-Control-Allow-Origin'| setting, if it's only a plain
> string comparison or something that Apache does.
>
> Micah
>
>
>
> On 6/18/2013 2:41 PM, Tim Haverland - NOAA Federal wrote:
>> I don't know the inner workings of our content management system,
>> so not sure what's sending the x-requested-with header; however,
>> I read that this is pretty common with Ajax requests, especially
>> from jQuery.
>>
>>
>> On Tue, Jun 18, 2013 at 2:22 PM, Micah Wengren
>> <micah.wengren at noaa.gov <mailto:micah.wengren at noaa.gov>> wrote:
>>
>> Hi open.ogc at list.woc.noaa.gov
>> <mailto:open.ogc at list.woc.noaa.gov>,
>>
>> I'm sending this thread I've been on with Tim back to the
>> email list to see if we can expedite troubleshooting what the
>> issue is with a CORS request from Tim's development server to
>> services.ogc.noaa.gov <http://services.ogc.noaa.gov>. He's
>> connecting from:
>>
>> http://triggerfish2.nmfs.noaa.gov:9992
>>
>> and trying to display one of our services on an OpenLayers
>> map (and do a GetFeatureInfo request, which leads to the
>> need for CORS support).
>>
>>
>> I don't really have the answer to his question, anyone at the
>> WOC know about accepting non-standard headers?
>>
>> Tim, do you know why this header is required from your side,
>> and what the server should be doing with it?
>>
>> Thanks,
>> Micah
>>
>> On 6/18/2013 2:05 PM, Tim Haverland - NOAA Federal wrote:
>>> Yeah, doesn't look like the port is an issue, however, my
>>> request is sent with these headers:
>>>
>>> 1.
>>> Access-Control-Request-Headers:
>>> origin, x-requested-with
>>>
>>>
>>> I've read that the server may need to accept "non-standard"
>>> headers. x-requested-with is a non-standard header. Is this
>>> accepted on the server side?
>>>
>>> Tim
>>>
>>>
>>> On Tue, Jun 18, 2013 at 1:35 PM, Tim Haverland - NOAA
>>> Federal <tim.haverland at noaa.gov
>>> <mailto:tim.haverland at noaa.gov>> wrote:
>>>
>>> yes, response header says:
>>>
>>> 1.
>>> Access-Control-Allow-Origin:
>>> *.noaa.gov <http://noaa.gov>
>>>
>>>
>>>
>>> On Tue, Jun 18, 2013 at 1:32 PM, Micah Wengren - NOAA
>>> Federal <micah.wengren at noaa.gov
>>> <mailto:micah.wengren at noaa.gov>> wrote:
>>>
>>> Hi Tim,
>>>
>>> I don't know what bearing ports have on CORS.
>>> Everything from noaa.gov <http://noaa.gov> should
>>> be allowed though. If you examine http headers with
>>> firebug or something you should be able to see the
>>> rule Chi added in the header list. I believe he
>>> would have added it for both http and https, but I'd
>>> have to check. Not at my machine right now. It's
>>> more important for http in this case...
>>>
>>> Micah
>>>
>>>
>>>
>>> On Tuesday, June 18, 2013, Tim Haverland - NOAA
>>> Federal <tim.haverland at noaa.gov
>>> <mailto:tim.haverland at noaa.gov>> wrote:
>>> > Micah, is CORS supported on the production version
>>> of geoserver? I'm trying to implement my map in our
>>> content management system, and get the following error:
>>> > Origin http://triggerfish2.nmfs.noaa.gov:9992 is
>>> not allowed by Access-Control-Allow-Origin.
>>> >
>>> > Maybe it's the port that's throwing things off?
>>> > Tim
>>> >
>>> > On Thu, Jun 13, 2013 at 1:27 PM, Micah Wengren -
>>> NOAA Federal <micah.wengren at noaa.gov
>>> <mailto:micah.wengren at noaa.gov>> wrote:
>>> >>
>>> >> Hi Tim,
>>> >>
>>> >> We have *.noaa.gov <http://noaa.gov> enabled
>>> anyway for CORS support now. If you can copy your
>>> openlayers page to your dev server and test it out
>>> and let me know if it works, that would be great.
>>> Whenever you get a chance, no rush.
>>> >>
>>>
>>
>>
>>
>>
>> --
>> *Tim Haverland*
>> Acting Operations Branch Chief
>> NOAA Fisheries Office of Science and Technology
>> 1315 East-West Highway
>> SSMC3 Rm 12303
>> Silver Spring, MD 20910
>> 301-427-8137 <tel:301-427-8137>
>
>
>
>
> --
> *Tim Haverland*
> Acting Operations Branch Chief
> NOAA Fisheries Office of Science and Technology
> 1315 East-West Highway
> SSMC3 Rm 12303
> Silver Spring, MD 20910
> 301-427-8137
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://list.woc.noaa.gov/pipermail/open.ogc/attachments/20130619/59212e25/attachment-0001.html>
More information about the Open.ogc
mailing list