<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">Hi <a class="moz-txt-link-abbreviated" href="mailto:open.ogc@list.woc.noaa.gov">open.ogc@list.woc.noaa.gov</a>,<br>
      <br>
      I'm sending this thread I've been on with Tim back to the email
      list to see if we can expedite troubleshooting what the issue is
      with a CORS request from Tim's development server to
      services.ogc.noaa.gov. He's connecting from: <br>
      <br>
      <a moz-do-not-send="true"
        href="http://triggerfish2.nmfs.noaa.gov:9992" target="_blank">http://triggerfish2.nmfs.noaa.gov:9992</a><br>
      <br>
      and trying to display one of our services on an OpenLayers map
      (and do a GetFeatureInfo request, which leads to the need  for
      CORS support).  <br>
      <br>
      <br>
      I don't really have the answer to his question, anyone at the WOC
      know about accepting non-standard headers?<br>
      <br>
      Tim, do you know why this header is required from your side, and
      what the server should be doing with it?<br>
      <br>
      Thanks,<br>
      Micah<br>
      <br>
      On 6/18/2013 2:05 PM, Tim Haverland - NOAA Federal wrote:<br>
    </div>
    <blockquote
cite="mid:CA+PWDsDOXbhuHKNKEfrbhQb4-0SNcS6KrgPU3LsKd104YMdRxg@mail.gmail.com"
      type="cite">
      <div dir="ltr">Yeah, doesn't look like the port is an issue,
        however, my request is sent with these headers:
        <div><br>
        </div>
        <div>
          <ol class=""
            style="margin:0px;color:rgb(0,0,0);min-width:100%;list-style-type:none;font-family:'Segoe
            UI',Tahoma,sans-serif;font-size:11px;padding:2px
            6px!important">
            <li title="" style="padding:0px 0px 0px
              14px;margin-top:1px;word-wrap:break-word;white-space:nowrap">
              <div class=""
style="color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Access-Control-Request-Headers:</div>
              <div class="" style="font-family:Consolas,'Lucida
Console',monospace;white-space:pre-wrap;display:inline;margin-right:100px;word-break:break-all;margin-top:1px;font-size:12px!important">origin,
                x-requested-with</div>
            </li>
          </ol>
        </div>
        <div><br>
        </div>
        <div style="">I've read that the server may need to accept
          "non-standard" headers. <span
            style="color:rgb(0,0,0);font-family:Consolas,'Lucida
            Console',monospace;font-size:12px;white-space:pre-wrap">
            x-requested-with </span>is a non-standard header. Is this
          accepted on the server side?</div>
        <div style=""><br>
        </div>
        <div style="">Tim</div>
      </div>
      <div class="gmail_extra"><br>
        <br>
        <div class="gmail_quote">On Tue, Jun 18, 2013 at 1:35 PM, Tim
          Haverland - NOAA Federal <span dir="ltr"><<a
              moz-do-not-send="true"
              href="mailto:tim.haverland@noaa.gov" target="_blank">tim.haverland@noaa.gov</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">
            <div dir="ltr">yes, response header says: 
              <ol
                style="list-style-type:none;min-width:100%;font-size:11px;font-family:'Segoe
                UI',Tahoma,sans-serif;margin:0px;padding:2px
                6px!important">
                <li title="" style="padding:0px 0px 0px
                  14px;margin-top:1px;word-wrap:break-word;white-space:nowrap">
                  <div
style="color:rgb(84,84,84);display:inline-block;margin-right:0.5em;font-weight:bold;vertical-align:top;white-space:pre-wrap">Access-Control-Allow-Origin:</div>
                  <div style="font-family:Consolas,'Lucida
Console',monospace;white-space:pre-wrap;display:inline;margin-right:100px;word-break:break-all;margin-top:1px;font-size:12px!important">*.<a
                      moz-do-not-send="true" href="http://noaa.gov"
                      target="_blank">noaa.gov</a></div>
                </li>
              </ol>
            </div>
            <div class="HOEnZb">
              <div class="h5">
                <div class="gmail_extra"><br>
                  <br>
                  <div class="gmail_quote">On Tue, Jun 18, 2013 at 1:32
                    PM, Micah Wengren - NOAA Federal <span dir="ltr"><<a
                        moz-do-not-send="true"
                        href="mailto:micah.wengren@noaa.gov"
                        target="_blank">micah.wengren@noaa.gov</a>></span>
                    wrote:<br>
                    <blockquote class="gmail_quote" style="margin:0 0 0
                      .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi
                      Tim,<br>
                      <br>
                      I don't know what bearing ports have on CORS.
                       Everything from <a moz-do-not-send="true"
                        href="http://noaa.gov" target="_blank">noaa.gov</a>
                      should be allowed though.  If you examine http
                      headers with firebug or something you should be
                      able to see the rule Chi added in the header list.
                       I believe he would have added it for both http
                      and https, but I'd have to check. Not at my
                      machine right now. It's more important for http in
                      this case...<span><font color="#888888"><br>
                          <br>
                          Micah</font></span>
                      <div>
                        <div><br>
                          <br>
                          <br>
                          On Tuesday, June 18, 2013, Tim Haverland -
                          NOAA Federal <<a moz-do-not-send="true"
                            href="mailto:tim.haverland@noaa.gov"
                            target="_blank">tim.haverland@noaa.gov</a>>
                          wrote:<br>
                          > Micah, is CORS supported on the
                          production version of geoserver? I'm trying to
                          implement my map in our content management
                          system, and get the following error:<br>
                          > Origin <a moz-do-not-send="true"
                            href="http://triggerfish2.nmfs.noaa.gov:9992"
                            target="_blank">http://triggerfish2.nmfs.noaa.gov:9992</a>
                          is not allowed by Access-Control-Allow-Origin.<br>
                          ><br>
                          > Maybe it's the port that's throwing
                          things off?<br>
                          > Tim<br>
                          ><br>
                          > On Thu, Jun 13, 2013 at 1:27 PM, Micah
                          Wengren - NOAA Federal <<a
                            moz-do-not-send="true"
                            href="mailto:micah.wengren@noaa.gov"
                            target="_blank">micah.wengren@noaa.gov</a>>
                          wrote:<br>
                          >><br>
                          >> Hi Tim,<br>
                          >><br>
                          >> We have *.<a moz-do-not-send="true"
                            href="http://noaa.gov" target="_blank">noaa.gov</a>
                          enabled anyway for CORS support now.  If you
                          can copy your openlayers page to your dev
                          server and test it out and let me know if it
                          works, that would be great. Whenever you get a
                          chance, no rush.<br>
                          >><br>
                        </div>
                      </div>
                    </blockquote>
                  </div>
                </div>
              </div>
            </div>
          </blockquote>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>