I am really hoping someone can help point me in the right direction.

I have Geoserver deployed within Tomcat 9 on an Ubuntu 18.04 server.

All was working absolutely fine until I added SSL to the Apache virtual host. I have no problem with logging in to Geoserver but when I try and change anything (e.g. save a new setting or try to add data to Geoserver) I get this error:

HTTP Status 400 – Bad Request Type Status Report Message Origin does not correspond to request Description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing). Apache Tomcat/9.0.43

This has only happened since I added SSL and if I remove the SSL Virtual Host in Apache and run the site just as HTTP, I don't get the error.

Can anyone point me in the right direction please?

Thank you

I solved this problem using the instructions here: https://dev.to/iamtekson/using-nginx-to-put-geoserver-https-4204

1. Added my domain name under Settings > Global > Proxy Base URL in the GeoServer admin site: https:www.mydomain.com

2. Check, "Use headers for Proxy URL"

3. Added the following code in web.xml located here: /webapps/geoserver/WEB-INF/web.xml

   <context-param>
        <param-name>GEOSERVER_CSRF_WHITELIST</param-name>
        <param-value>example.org</param-value>
   </context-param>
   
   <filter>
       <filter-name>cross-origin</filter-name>
       <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
       <init-param>
           <param-name>cors.allowed.origins</param-name>
           <param-value>*</param-value>
       </init-param>
       <init-param>
           <param-name>cors.allowed.methods</param-name>
           <param-value>GET,POST,PUT,DELETE,HEAD,OPTIONS</param-value>
       </init-param>
       <init-param>
           <param-name>cors.allowed.headers</param-name>
           <param-value>*</param-value>
       </init-param>
   </filter>