Enabling CORS in GeoServer (jetty)?

Edit the webapps/geoserver/WEB-INF/web.xml file. There are two references to CORS in this file:

<!-- Uncomment following filter to enable CORS -->
<filter>
  <filter-name>cross-origin</filter-name>
     <filter-class>org.eclipse.jetty.servlets.CrossOriginFilter</filter-class>
  </filter>

and

<!-- Uncomment following filter to enable CORS -->
<filter-mapping>
   <filter-name>cross-origin</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>

You must uncomment both blocks (that is remove <!-- and --> from the filter and filter-mapping blocks.

Then when you restart Jetty you can test that everything is working by using a command like:

curl -v -H "Origin: http://example.com" http://astun-desktop:9080/geoserver/wfs\?service\=WFS\&version\=2.0.0\&request\=GetFeature\&typenames\=sf:bugsites\&filter\=%3Cfes:Filter%20xmlns:fes\=%22http://www.opengis.net/fes/2.0%22%3E%3Cfes:ResourceId%20rid\=%22bugsites.3%22/%3E%3C/fes:Filter%3E

which if all is well will give a result like:

> User-Agent: curl/7.35.0
> Host: astun-desktop:9080
> Accept: */*
> Origin: http://example.com
>  
< HTTP/1.1 200 OK 
< Access-Control-Allow-Origin: http://example.com 
< Access-Control-Allow-Credentials: true 
< Access-Control-Expose-Headers:  
< Content-Type: text/xml; subtype=gml/3.2 
< Content-Disposition: inline; filename=geoserver-GetFeature.text 
< Transfer-Encoding: chunked
* Server Jetty(9.2.13.v20150730) is not blacklisted 
< Server: Jetty(9.2.13.v20150730) 
< 
* Connection #0 to host astun-desktop left intact 
<?xml version="1.0" encoding="UTF-8"?><wfs:FeatureCollection xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:sf="http://www.openplans.org/spearfish" xmlns:wfs="http://www.opengis.net/wfs/2.0" xmlns:gml="http://www.opengis.net/gml/3.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" numberMatched="1" numberReturned="1" timeStamp="2017-07-30T15:58:31.423Z" xsi:schemaLocation="http://www.opengis.net/wfs/2.0 http://astun-desktop:9080/geoserver/schemas/wfs/2.0/wfs.xsd http://www.openplans.org/spearfish http://astun-desktop:9080/geoserver/wfs?service=WFS&amp;version=2.0.0&amp;request=DescribeFeatureType&amp;typeName=sf%3Abugsites http://www.opengis.net/gml/3.2 http://astun-desktop:9080/geoserver/schemas/gml/3.2.1/gml.xsd"><wfs:member><sf:bugsites gml:id="bugsites.3"><sf:the_geom><gml:Point srsName="urn:ogc:def:crs:EPSG::26713" srsDimension="2"><gml:pos>590529 4914625</gml:pos></gml:Point></sf:the_geom><sf:cat>3</sf:cat><sf:str1>Beetle site</sf:str1></sf:bugsites></wfs:member></wfs:FeatureCollection>%

Update 24th Oct 2019

It it is no longer necessary to add the following jar to GeoServer (at least with versions 2.13.x and later) and it will cause an error. I'm leaving this note here for people fighting older versions.

1. Add the Jetty-Utility Servlets Jar to match the version of Jetty - for current versions of GeoServer (2.15.x) it is 9.4.12.v20180830, copy this to webapps/geoserver/WEB-INF/lib inside the geoserver-2.15.0 directory (or wherever you unpacked the zip file).

It will work if you add the filter in "geoserver/webapp/geoserver/WEB-INF/web.xml" and if you add the jar "jetty-servlets.9.2.13.v20150730.jar" inside "geoserver/webapp/geoserver/WEB-INF/lib"

with Jetty9, UbuntuServer 16.04, i also had to modify /etc/jetty9/start.ini, so as not to get the following error :

2018-03-31 15:10:01.769:WARN:oejuc.AbstractLifeCycle:main: FAILED cross-origin: javax.servlet.UnavailableException: org.eclipse.jetty.servlets.CrossOriginFilter javax.servlet.UnavailableException: org.eclipse.jetty.servlets.CrossOriginFilter

the solution is here : you should enable the servlets module in your ${jetty.base}/start.ini

consequently, i replaced :

--module=deploy,http,jsp,jstl,websocket,ext,resources

by :

--module=deploy,http,jsp,jstl,websocket,ext,resources,servlets