CSRF Whitelist

To whitelist your domain in GeoServer, you can use our included file.

This file is located under /scripts/csrf-whitelist.txt

The contents should be added to your /home/tomcat/apache-tomcat-{version}/webapps/geoserver/WEB-INF/web.xml file.


Be sure to create a backup of your web.xml file before making any changes.

The file contents are below

1   <context-param>
2   <param-name>GEOSERVER_CSRF_WHITELIST</param-name>
3   <param-value>yourdomain.com</param-value>
4   </context-param>

You must restart Tomcat for the changes to register.


Be sure to replace yourdomain.com with your own domain above.