[Review] Map Layers widget - Map layer validation failed for URL

How to add WMS services as background? 
All services I try end with "Map layer validation failed for URL" error.
Is it because of CORS?

Parents Reply Children
  • Then this renders this feature unusable if public and opendata WMS can't be used.
    Then why Ron example works?

  • Hi. No, I don't believe that statement to be true. Ron's example works because that server supports CORS. When the browser sends the Origin: header, the response contains a proper Access-Control-Allow-Origin response. That satisfies the browser's concerns about CORS. When presented with an Origin: header, your WMS server does not provide a Access-Control-Allow-Origin response. The browser takes this as a refusal from your server to respond to this particular request. CORS is a protection mechanism against malicious web pages that would do cross-domain requests without your consent. Bentley did not invent this. I suggest you look at document on the internet, like this one for example: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS . 

    Making a (WMS) web server public simply means making it CORS-compliant and whitelisting the proper origins, or "*" in the case of a public site. 

    Your server will work fine as it is today when it's called directly, or from another executable program. Only web browsers apply CORS rules. iTwin applications like Design Review are web applications and as such are bound to respect the CORS rules. We have built our WMS and in general map layers support so that requests are made from your browser instead of going through another Bentley cloud service first. Although that would have removed the CORS problem, it would have slowed down each request. More importantly, it would have prevented access to on-premise WMS or Esri REST services when they are not accessible publicly. The current solution supports both on-premise private servers as well as public services, as long as CORS is configured. 

    Hope this helps.


  • How to verify if WMS server is CORS-compliant? I do not see such response from .au server.

    I would gladly use on-premise WMS but Bentley no longer have such product so have to rely on 3rd party servers.

  • It seems the server only returns the Access-Control-Allow-Origin header in its response if it has received a Origin header in the request. Typing the address directly in your web browser will not add an Origin header since it is the original request. The CORS system is for web requests that are done within the code of a web page, in case they go to a different domain. 

    The way I've simulated it is by using an http tracing application (debugging proxy) that let me replay past requests and edit them. I was able to manually add an Origin header with a fake domain to verify if CORS was supported. 


  • Thanks was able to reproduce it in Firefox using "Edit and resend" option in Dev tab. 

    And what is wrong with this link? http://lvmgeoserver.lvm.lv/geoserver/ows?service=wms&version=1.3.0&request=GetCapabilities&layer=public:OSM

    This have a Access-Control-Allow-Origin: * but still error.