Issue with enabling CORS and solving 403 Forbidden error

Posted: 2018-01-05 07:12:13

Question:

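I am trying to resolve a 403 Forbidden error that I get when sending a request to my GeoServer. To debug the process, I use the Network tab of the Inspect option in Chrome (I also tried Firefox). This is the error I see in the Network tab.

XMLHttpRequest cannot load http://localhost:8080/geoserver/square/ows?service=WFS&version=1.1.0&requ…ture&typeName=square:InformationStores&outputFormat=application%2Fjson. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:5601' is therefore not allowed access. The response had HTTP status code 403.

My GeoServer 2.10.4 has CORS enabled, according to multiple tutorials I found on the topic. However, the error message I receive seems to be related to a proxy.

I have spent a lot of time trying to solve this issue, so in the end I am completely lost. I tried many things, but nothing works.

This is the configuration file of the GeoServer that I send requests to: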

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
    <display-name>GeoServer</display-name>

      <context-param>
    <param-name>serviceStrategy</param-name>
    <!-- Meaning of the different values :

         PARTIAL-BUFFER2
         - Partially buffers the first xKb to disk. Once that has buffered, the the 
           result is streamed to the user. This will allow for most errors to be caught
           early. 

         BUFFER
         - stores the entire response in memory first, before sending it off to
           the user (may run out of memory)

         SPEED
         - outputs directly to the response (and cannot recover in the case of an
           error)

         FILE
         - outputs to the local filesystem first, before sending it off to the user
      -->
    <param-value>PARTIAL-BUFFER2</param-value>
  </context-param>

  <context-param>
    <!-- see comments on the PARTIAL-BUFFER strategy -->
    <!-- this sets the size of the buffer.  default is "50" = 50kb -->

    <param-name>PARTIAL_BUFFER_STRATEGY_SIZE</param-name>
    <param-value>50</param-value>
  </context-param>

  <!--Can be true or false (defaults to: false). -->
  <!--When true the JSONP (text/javascript) output format is enabled -->
  <!--
  <context-param>
    <param-name>ENABLE_JSONP</param-name>
    <param-value>true</param-value>
  </context-param>
  -->
    <!-- 
    <context-param>
      <param-name>PROXY_BASE_URL</param-name>
      <param-value>http://localhost/geoserver</param-value>
    </context-param>
     -->

     <!--
    <context-param>
       <param-name>GEOSERVER_DATA_DIR</param-name>
        <param-value>C:\eclipse\workspace\geoserver_trunk\cite\confCiteWFSPostGIS</param-value>
    </context-param>
     -->

    <!-- pick up all spring application contexts -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath*:/applicationContext.xml classpath*:/applicationSecurityContext.xml</param-value>
    </context-param>

    <filter>
     <filter-name>FlushSafeFilter</filter-name>
     <filter-class>org.geoserver.filters.FlushSafeFilter</filter-class>
    </filter>

    <filter>
      <filter-name>Set Character Encoding</filter-name>
      <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
      <init-param>
        <param-name>encoding</param-name>
        <param-value>UTF-8</param-value>
      </init-param>
    </filter>

    <filter>
     <filter-name>SessionDebugger</filter-name>
     <filter-class>org.geoserver.filters.SessionDebugFilter</filter-class>
    </filter>

    <filter>
    <filter-name>filterChainProxy</filter-name>     
     <filter-class> org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter>
      <filter-name>xFrameOptionsFilter</filter-name>
      <filter-class>org.geoserver.filters.XFrameOptionsFilter</filter-class>
    </filter>

   <filter>
     <filter-name>GZIP Compression Filter</filter-name>
     <filter-class>org.geoserver.filters.GZIPFilter</filter-class>
     <init-param>
         <!-- The compressed-types parameter is a comma-separated list of regular expressions.
              If a mime type matches any of the regular expressions then it will be compressed.
              -->
         <param-name>compressed-types</param-name>
         <param-value>text/.*,.*xml.*,application/json,application/x-javascript</param-value>
     </init-param>
   </filter>

   <filter>
     <filter-name>Request Logging Filter</filter-name>
     <filter-class>org.geoserver.filters.LoggingFilter</filter-class>
     <init-param>
         <!-- The 'enabled' parameter is a boolean value, "true" (case-insensitive) for true or
              any other value for false.  If enabled, then the logging will be performed;
              otherwise the logging filter will have no effect.  If not specified, this 
              parameter defaults to false.
              -->
         <param-name>enabled</param-name>
         <param-value>false</param-value>
     </init-param>
     <init-param>
     <!-- The 'log-request-bodies' parameter is a boolean value, "true" (case-insensitive) for
          true or any other value for false.  If enabled, then the logging will include the body
          of POST and PUT requests.  If not specified, this parameter defaults to false.
          Note that this may noticeably degrade responsiveness of your geoserver since it will
          not begin to process requests until the entire request body has been received by the 
          server.
          -->
     <param-name>log-request-bodies</param-name>
     <param-value>false</param-value>
     </init-param>
   </filter>

   <filter>
     <filter-name>Advanced Dispatch Filter</filter-name>
     <filter-class>org.geoserver.platform.AdvancedDispatchFilter</filter-class>
     <!-- 
     This filter allows for a single mapping to the spring dispatcher. However using /* as a mapping
     in a servlet mapping causes the servlet path to be "/" of the request. This causes problems with
     library like wicket and restlet. So this filter fakes the servlet path by assuming the first 
     component of the path is the mapped path. 
     -->
   </filter>

   <filter>
    <filter-name>Spring Delegating Filter</filter-name>
    <filter-class>org.geoserver.filters.SpringDelegatingFilter</filter-class>
    <!--
    This filter allows for filters to be loaded via spring rather than 
    registered here in web.xml.  One thing to note is that for such filters 
    init() is not called. INstead any initialization is performed via spring 
    ioc.
    -->
   </filter>

   <filter>
     <filter-name>Thread locals cleanup filter</filter-name>
     <filter-class>org.geoserver.filters.ThreadLocalsCleanupFilter</filter-class>
     <!-- 
     This filter cleans up thread locals Geotools is setting up for concurrency and performance
     reasons 
     -->
   </filter>

    <!-- Uncomment following filter to enable CORS -->
    <filter>
        <filter-name>cross-origin</filter-name>
        <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
    </filter>

    <!-- 
      THIS FILTER MUST BE THE FIRST ONE, otherwise we end up with ruined chars in the input from the GUI
      See the "Note" in the Tomcat character encoding guide:
      http://wiki.apache.org/tomcat/FAQ/CharacterEncoding
    -->
    <filter-mapping>
      <filter-name>Set Character Encoding</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
       <!-- Uncomment following filter to enable CORS -->
    <filter-mapping>
        <filter-name>cross-origin</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>FlushSafeFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>SessionDebugger</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>GZIP Compression Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>xFrameOptionsFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>Request Logging Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- 
      If you want to use your security system comment out this one too
    -->
    <filter-mapping>
      <filter-name>filterChainProxy</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>Advanced Dispatch Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>Spring Delegating Filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>Thread locals cleanup filter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- general initializer, should be first thing to execute -->
    <listener>
      <listener-class>org.geoserver.GeoserverInitStartupListener</listener-class>
    </listener>

    <!-- logging initializer, should execute before spring context startup -->
    <listener>
      <listener-class>org.geoserver.logging.LoggingStartupContextListener</listener-class>
    </listener>

    <!--  spring context loader -->
    <listener>
      <listener-class>org.geoserver.platform.GeoServerContextLoaderListener</listener-class>
    </listener>

    <!--  http session listener proxy -->
    <listener>
      <listener-class>org.geoserver.platform.GeoServerHttpSessionListenerProxy</listener-class>
    </listener>

    <!-- request context listener for session-scoped beans -->
    <listener>
      <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
    </listener>

    <!-- spring dispatcher servlet, dispatches all incoming requests -->
    <servlet>
      <servlet-name>dispatcher</servlet-name>
      <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    </servlet>

    <!-- single mapping to spring, this only works properly if the advanced dispatch filter is 
         active -->
    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

    <mime-mapping>
      <extension>xsl</extension>
      <mime-type>text/xml</mime-type>
    </mime-mapping>
    <mime-mapping>
      <extension>sld</extension>
      <mime-type>text/xml</mime-type>
    </mime-mapping>
    <mime-mapping>
      <extension>json</extension>
      <mime-type>application/json</mime-type>
    </mime-mapping>

    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
     </web-app>

Comments:

Please check this, I believe you have the same problem: gis.stackexchange.com/questions/210316/…

@2oppin: Thanks, but this is exactly what I did (many times!). So I added <filter> <filter-name>cross-origin</filter-name> <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class> </filter> <filter-mapping> <filter-name>cross-origin</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> to GeoServer's web.xml and put the appropriate version of the jetty jar into WEB-INF/lib.

I don't know GeoServer, but I suppose it may be set up on some other HTTP server. Do you use Jetty? I guess that, depending on the server (Apache/Tomcat/Jetty), each of them uses its own filter, and if you have some custom server built with Spring, then you should add the headers manually.

@2oppin: Yes, I use Jetty. Basically I have GeoServer (server side) and Kibana (client side). That's all. GeoServer is on port 8080, while Kibana runs on port 5601. Both are on the same domain (well, for now it is just localhost). I don't have any custom server. In particular: Remote Address:127.0.0.1:8080 Host:localhost:8080 Origin:http://localhost:5601 Referer:http://localhost:5601/app/kibana

Try using the latest Jetty version, eclipse.org/jetty/documentation/9.4.x/cross-origin-filter.html

Try adding the headers in the init params, as in this question: ***.com/questions/8303162/jetty-cross-origin-filter

Answer 1:

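Please see my answer to this question.

There is no need to add anything to web.xml; just uncomment the two CORS-related blocks that are already there.

Comments:

I did that with different versions of GeoServer :) It does not work. For me it only works with Apache Tomcat with Catalina instead of Jetty.

I did it yesterday with 2.10.3 and it works fine.

Did you test it with Kibana?

What does this have to do with Kibana? Doesn't it handle CORS requests?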
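
The browser-side check behind the error in the question, as an added example that is not part of the original post or its answers: a simplified model of how a preflight (OPTIONS) response is validated for a request sent without credentials. `checkPreflight`, the sample objects and the `X-Custom-Header` name are constructed for illustration.

```javascript
// Added example: simplified model of the browser's CORS preflight check
// for a request sent without credentials. All names and sample data are constructed.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

function parseList(value, lowerCase) {
  return new Set((value || "").split(",")
    .map(s => (lowerCase ? s.trim().toLowerCase() : s.trim()))
    .filter(Boolean));
}

// req: { origin, method, headers: [non-safelisted header names the script sets] }
// res: { status, headers: { "lower-case-name": value } } of the OPTIONS response
function checkPreflight(req, res) {
  const problems = [];
  const allowOrigin = res.headers["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    problems.push("no Access-Control-Allow-Origin header");
  } else if (allowOrigin !== "*" && allowOrigin !== req.origin) {
    problems.push(`Access-Control-Allow-Origin ${allowOrigin} does not match ${req.origin}`);
  }
  if (res.status < 200 || res.status > 299) {
    problems.push(`preflight status ${res.status} is not 2xx`);
  }
  const methods = parseList(res.headers["access-control-allow-methods"], false);
  if (!SAFELISTED_METHODS.has(req.method) && !methods.has("*") && !methods.has(req.method)) {
    problems.push(`method ${req.method} not in Access-Control-Allow-Methods`);
  }
  const allowed = parseList(res.headers["access-control-allow-headers"], true);
  for (const name of req.headers) {
    if (!allowed.has("*") && !allowed.has(name.toLowerCase())) {
      problems.push(`header ${name} not in Access-Control-Allow-Headers`);
    }
  }
  return problems;
}

// Constructed request shaped like the one in the question (the custom header is hypothetical).
const SAMPLE_REQUEST = { origin: "http://localhost:5601", method: "GET", headers: ["X-Custom-Header"] };
// Constructed responses: a bare 403 as in the reported error, and one that passes.
const RESPONSE_403 = { status: 403, headers: {} };
const RESPONSE_OK = { status: 200, headers: {
  "access-control-allow-origin": "http://localhost:5601",
  "access-control-allow-methods": "GET,POST,HEAD,OPTIONS",
  "access-control-allow-headers": "X-Custom-Header,Content-Type",
} };

console.log(checkPreflight(SAMPLE_REQUEST, RESPONSE_403));
console.log(checkPreflight(SAMPLE_REQUEST, RESPONSE_OK));
```

Feeding it the status and headers copied from the OPTIONS entry in the Network tab shows which part of the preflight the server response fails, independently of the message the browser prints.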
