Cross-Origin Read Blocking (CORB) blocked cross-origin response thredds

[mostafahadizadeh1991]

Hi dear,
I have an issue about cros.

I tried to get this link using ajax (http://192.168.229.94:8080/thredds/wms/testAll/GFS202009060000?service=WMS&version=1.3.0&REQUEST=GetMetadata&item=minmax&LAYERS=HGT&SRS=EPSG%3A4326&BBOX=50.4,38,56.8,44.4&WIDTH=256&HEIGHT=256&callback=jQuery3410787186710990256_1599400222381&_=1599400222382)

But I've got the following error:

Cross-Origin Read Blocking (CORB) blocked cross-origin response http://192.168.229.94:8080/thredds/wms/testAll/GFS202009060000?service=WMS&version=1.3.0&REQUEST=GetMetadata&item=minmax&LAYERS=HGT&SRS=EPSG%3A4326&BBOX=50.4,38,56.8,44.4&WIDTH=256&HEIGHT=256&callback=jQuery3410787186710990256_1599400222381&_=1599400222382 with MIME type application/json. See https://www.chromestatus.com/feature/5629709824032768 for more details.

I added the following line in the usr/local/tds/tomcat/conf/web.xml

    <filter>
        <filter-name>CorsFilter</filter-name>
        <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
        <init-param>
            <param-name>cors.allowed.methods</param-name>
            <param-value>GET,POST,HEAD</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>CorsFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Also I did uncomment the the following line in the /usr/local/tds/tomcat/content/thredds/threddsconfig.xml

  <CORS>
    <enabled>false</enabled>
    <maxAge>1728000</maxAge>
    <allowedMethods>GET</allowedMethods>
    <allowedHeaders>Authorization</allowedHeaders>
    <allowedOrigin>*</allowedOrigin>
  </CORS>

But I receive this error again.
How can I solve my issue.

Thanks

[mostafahadizadeh1991]

Hi again all,
It should be noted that when I try to get response from socib thredds then the followoing error released:

My JavaScript code:

$.ajax({
    url: 'http://thredds.socib.es/thredds/wms/operational_models/oceanographical/hydrodynamics/model_run_aggregation/wmop_3d/runs/wmop_3d_RUN_2020-09-06T00:00:00Z?LAYERS=sst_gradients&ELEVATION=0&TIME=2020-09-06T12%3A00%3A00.000Z&TRANSPARENT=true&COLORSCALERANGE=-50%2C50&NUMCOLORBANDS=20&LOGSCALE=false&SERVICE=WMS&VERSION=1.1.1&REQUEST=GetMetadata&item=minmax&FORMAT=image%2Fpng&SRS=EPSG%3A4326&BBOX=-5.6843418860808e-14,37.5,7.4999999999999,45&WIDTH=256&HEIGHT=256',
    type: 'GET',
    dataType: 'json',
    success: function(result) {
        console.log("yesss")
    }
});

The result:

scheme http
host thredds.socib.es
filename /thredds/wms/operational_models/oceanographical/hydrodynamics/model_run_aggregation/wmop_3d/runs/wmop_3d_RUN_2020-09-06T00:00:00Z
LAYERS sst_gradients
ELEVATION 0
TIME 2020-09-06T12:00:00.000Z
TRANSPARENT true
COLORSCALERANGE -50,50
NUMCOLORBANDS 20
LOGSCALE false
SERVICE WMS
VERSION 1.1.1
REQUEST GetMetadata
item minmax
FORMAT image/png
SRS EPSG:4326
BBOX -5.6843418860808e-14,37.5,7.4999999999999,45
WIDTH 256
HEIGHT 256
Address 130.206.32.69:80
Status 403

Can anyone help me to solve this problem?

Cheers,

Mostafa

[lesserwhirls]

It is quite possible that the CORS settings from tomcat and the CORS settings in the TDS are interfering with each other. I would recommend not using the TDS CORS settings and putting them in place higher in the stack, such as in Tomcat. As always, when dealing with CORS in production, make sure to consult the person or group in charge of the network and domain on how best it should be implemented. Having CORS headers show up on network scans without notice usually leads to bad times.