Tile server & CORS

EricG97477 · 2019-04-23T21:28:21.000Z

I used the instructions at https://switch2osm.org/manually-building-a-tile-server-18-04-lts/ to setup a tile server. It all seems to be working, but I have run into the dreaded CORS issue.

I did find:

https://help.openstreetmap.org/questions/38308/osm-tile-server-how-to-enable-cors

I am not sure I want to try the path of modifying the OSM source. Adjusting the apache configuration seems to be the right way.

However, after I modify security.conf, apachectl -t tells me that it is invalid because it is a syntax error and that “Header” is not a valid command.

So, assuming a standard Ubuntu 18.04 install and a tile server setup according to the tutorial, what is the best way to resolve the CORS problem?

Thank you.

EricG97477 · 2019-04-24T17:57:15.000Z

Based on various behaviors I have seen, it would seem that mod_tile completely controls the response headers. All my attempts to add CORS headers (or any test custom headers at all) to various apache .conf files are ignored for tiles, but not other random test pages.

Looking at the mod_tile source, I see in mod_tile.c, code like:

/**
 * Add CORS ( Cross-origin resource sharing ) headers. http://www.w3.org/TR/cors/
 * CORS allows requests that would otherwise be forbidden under the same origin policy.
 */
static int add_cors(request_rec *r, const char * cors) {

which would seem to confirm that a mod_tile oriented solution is the correct path.

However, I am not sure how to actually accomplish that. Attempting to add CORS=* at various points in /usr/local/etc/renderd.conf has no effect.

Does anyone understand this source code and how to get it to add CORS related headers?

It would seem that mod_tile will potentially do a lot of useful logging…does anyone know how to turn on debug logging for it?

Thank you.

EricG97477 · 2019-04-24T19:11:15.000Z

I was able to figure out how to enable the mod_tile debug logging. I edited /etc/apache2/sites-available/000-default.conf and below:

CustomLog ${APACHE_LOG_DIR}/access.log combined

I added:

LogLevel debug

This allowed me to see the tile_handler_serve debug message in the mod_tile.c:tile_handler_server function. I was able to determine that I did need to add CORS=* to the [ajt] section of /usr/local/etc/renderd.conf. Doing that, got me past the first if statement in tile_handler_server and into the mod_tile.c:add_cors function.

However, at this point, it is using the apache api apr_table_get to get the value of “Origin” which is null.

I am not sure how to have it so that Origin is not null since if it is not null, it looks like various CORS headers will be added and everything will start working as expected (I hope).

Any insights into this would be appreciated.

EricG97477 · 2019-04-24T20:14:32.000Z

As these things usually go, simply writing things down generally allows for faster progress and I made some more.

To /etc/apache2/sites-available/000-default.conf, just before the line, I added

RequestHeader append Origin "mirror 12"

and this got me past the Origin if statement in add_cors and the “Origin header is allowed under the CORS policy…” debug message shows up and everything appears to be generally working.

So, SUCCESS!

However, hacking in a Origin request header seems, well, hackish and I have to think there is a better way.

Any insights into this would be appreciated.

EricG97477 · 2019-04-30T16:44:46.000Z

EricG97477:

As these things usually go, simply writing things down generally allows for faster progress and I made some more.

To /etc/apache2/sites-available/000-default.conf, just before the line, I added
RequestHeader append Origin "mirror 12"
and this got me past the Origin if statement in add_cors and the “Origin header is allowed under the CORS policy…” debug message shows up and everything appears to be generally working.

So, SUCCESS!

However, hacking in a Origin request header seems, well, hackish and I have to think there is a better way.

Any insights into this would be appreciated.

It appears that the need to hack the Origin header was unnecessary. I think what had happened is that something was cached and was causing problems.