From d2797fc416a2eea0642fba38f24f452f7a57b3a6 Mon Sep 17 00:00:00 2001
From: Mathias Boeck <Mathias.Boeck@dlr.de>
Date: Thu, 10 Oct 2024 11:58:40 +0200
Subject: [PATCH 1/2] fix: add default cors.allowed.headers from tomcat-9.0-doc

---
 Dockerfile | 2 +-
 README.md  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 24d0a5a..52f0d87 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,7 @@ LABEL vendor="osgeo.org"
 ARG ADDITIONAL_FONTS_PATH=./additional_fonts/
 ARG ADDITIONAL_LIBS_PATH=./additional_libs/
 ARG COMMUNITY_PLUGIN_URL=''
-ARG CORS_ALLOWED_HEADERS=*
+ARG CORS_ALLOWED_HEADERS=Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers
 ARG CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS
 ARG CORS_ALLOWED_ORIGINS=*
 ARG CORS_ALLOW_CREDENTIALS=false
diff --git a/README.md b/README.md
index a2f838b..5eb7d59 100644
--- a/README.md
+++ b/README.md
@@ -103,7 +103,7 @@ The ``startup.sh`` script allows some customization on startup:
 * ``CORS_ENABLED`` to ``true`` to enable CORS support. The following environment variables can be used to customize the CORS configuration.
   * ``CORS_ALLOWED_ORIGINS`` (default ``*``)
   * ``CORS_ALLOWED_METHODS`` (default ``GET,POST,PUT,DELETE,HEAD,OPTIONS``)
-  * ``CORS_ALLOWED_HEADERS`` (default ``*``)
+  * ``CORS_ALLOWED_HEADERS`` (default ``Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers``)
   * ``CORS_ALLOW_CREDENTIALS`` (default ``false``) **Setting this to ``true`` will only have the desired effect if ``CORS_ALLOWED_ORIGINS`` defines explicit origins (not ``*``)**
 * ``PROXY_BASE_URL`` to the base URL of the GeoServer web app if GeoServer is behind a proxy. Example: ``https://example.com/geoserver``.
 

From e8ebfdcc30ad0b5f1d43bb38f7a03c389fe53472 Mon Sep 17 00:00:00 2001
From: Mathias Boeck <Mathias.Boeck@dlr.de>
Date: Thu, 10 Oct 2024 12:44:00 +0200
Subject: [PATCH 2/2] fix: add missing allowed headers to environment variables

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 5eb7d59..8fff5fe 100644
--- a/README.md
+++ b/README.md
@@ -230,7 +230,7 @@ Following is the list of the all the environment variables that can be passed do
 | CORS_ENABLED | CORS enabled configuration | `false` |
 | CORS_ALLOWED_ORIGINS | CORS origins configuration | `*` |
 | CORS_ALLOWED_METHODS | CORS method configuration | `GET,POST,PUT,DELETE,HEAD,OPTIONS` |
-| CORS_ALLOWED_HEADERS | CORS headers configuration | `*` |
+| CORS_ALLOWED_HEADERS | CORS headers configuration | `Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers` |
 | DEBIAN_FRONTEND | Configures the Debian package manager frontend | `noninteractive`|
 | CATALINA_OPTS | Catalina options. Check [ref](https://www.baeldung.com/tomcat-catalina_opts-vs-java_opts) | `-Djava.awt.headless=true` |
 | GEOSERVER_DATA_DIR | Geoserver data directory location | `/opt/geoserver_data/` |