on the server, where you are returning a response, you will do something
like this,
static void sendTextResponseInternal(String text, String contentType, String
filename, ExecutionContextImpl eci,
HttpServletRequest request, HttpServletResponse response,
Map<String, Object> requestAttributes) {
response.addHeader("Access-Control-Allow-Origin", "http://localhost:8100";)
response.addHeader("Access-Control-Allow-Credentials", "true")
response.addHeader("Access-Control-Allow-Methods", "GET, POST, DELETE, PUT,
OPTIONS")
response.addHeader("Access-Control-Allow-Headers", "Content-Type,
Authorization, api_key, header")
response.writer.write(responseText)
On Wed, Mar 14, 2018 at 11:18 PM, Gary <[email protected]> wrote:
> I have server REST API secured with shiro.ini, which use authc.loginUrl to
> re-direct all request that's not logged in .
> I have a separate Augular2 based web app that trying to access server's
> REST
> services. From browser console, I can see server re-directed the request to
> login URL configured on shiro.ini, but because of Angular2 web server and
> backend server URL is different, the login page is not displayed. The CORS
> error message was "<login URL> has been blocked by CORS policy: No
> 'Access-Control-Allow-Origin' header is present on the requested resource".
> I heard that if I add the Access-Control-Allow-Origin header to the server
> response (not sure if only the login page response or all the responses),
> the problem will get resolved. But since I only used web.xml and shiro.ini
> for Shiro, not sure how to do that with these two files.
> Any sample code will be highly appreciated.
>
>
>
>
> --
> Sent from: http://shiro-user.582556.n2.nabble.com/
>
