I only know enough about browser same-origin policies to get me in trouble. That said, I would try to avoid what your are doing below if possible. Is there a reason not to allow the user to be presented the CAS login form instead of collecting it and getting the TGT/ST via javascript?
-----Original Message----- From: Venkat [mailto:[email protected]] Sent: Thursday, April 11, 2013 7:10 PM To: [email protected] Subject: [cas-user] Cross-Origin Resource Sharing Hi We are trying use CAS REST API to get TGT and service ticket. We are trying to do this from java script. We are getting the below error. XMLHttpRequest cannot load https://host123:8443/cas/v1/tickets. Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin. CAS response should have Access-Control-Allow-Origin with * in the header. Is there any way we can configure this in CAS? Thanks Venkat -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
smime.p7s
Description: S/MIME cryptographic signature
