Someone faced this problem: there is a front, there is a rest service and there is a map service (geoserver), as well as authorization (jwt) through the rest service. But in the end, the map service revolves separately and requests go to it without a key, therefore, as if not protected.

The essence of the question is: is it worth sending the keys with each request of the tile (256 * 256px), because there will be twice as many requests due to pre-fligth requests, therefore the download speed of the map will fall. Can anyone do this or come across?

  • How are your jwt and preflight queries related? jwt is just signed by json .. - Darth
  • Access-Control-Request-Headers: authorization are connected like this, the brouser automatically makes the request complex. @Darth - Artsiom
  • one
    Well, put your jwt not in the header, but somewhere else. in the GET or POST parameter for example. - Darth
  • @Darth service is written by third-party developers (geoserver), requests are sent using openlayers. If you know how to parse jwt on geoserver, I will be very grateful. Otherwise, it will become a problem to update it later, right? - Artsiom

0