I have server REST API secured with shiro.ini, which use authc.loginUrl to re-direct all request that's not logged in . I have a separate Augular2 based web app that trying to access server's REST services. From browser console, I can see server re-directed the request to login URL configured on shiro.ini, but because of Angular2 web server and backend server URL is different, the login page is not displayed. The CORS error message was "<login URL> has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource". I heard that if I add the Access-Control-Allow-Origin header to the server response (not sure if only the login page response or all the responses), the problem will get resolved. But since I only used web.xml and shiro.ini for Shiro, not sure how to do that with these two files. Any sample code will be highly appreciated.
-- Sent from: http://shiro-user.582556.n2.nabble.com/
