Yes. But for browser which is in different domain, when it gets the 302 redirect, It doesn't have the header flags for CORS. That's why it blocks the redirection. My web app resources all have the header added through servlet filter. But this is not working only for redirection from /shiro-cas to the web app root context. We fixed CAS too to have these flags. That's why Ajax code is able to get the service ticket etc from CAS successfully.
-- View this message in context: http://shiro-user.582556.n2.nabble.com/shiro-Redirection-tp7578608p7578612.html Sent from the Shiro User mailing list archive at Nabble.com.
