Hi, After authentication is done with /shiro-cas, it redirects to the web app root context.
We are having an issue with this when making Ajax XmlHttpRequest from java script in the browser. This is because of CORS issues (Cross origin resource sharing). Since the browser is in a different domain than the server, browser stops at 302 and doesn't go to redirected root context. We usually work around this by adding Access-control-Allow-Origin, Access-control-Expose-Header flags to response headers. I tried to do the same thing by adding these in the servlet filter after shirofilter. But it doesn't work only for 302. I guess custom headers added for 302 doesn't work or i'm missing something. Anyone has any idea? Thanks Venkat -- View this message in context: http://shiro-user.582556.n2.nabble.com/shiro-Redirection-tp7578608.html Sent from the Shiro User mailing list archive at Nabble.com.
