Merge pull request #194 from bsura/cors_fix

Fix for CORS issue where sendError doesn't allow CORS headers to be set.

ArgusWeb/app/js/services/unauthorizedInterceptor.js

@@ -2,7 +2,7 @@ angular.module('argus.services.interceptor', [])
 .factory("UnauthorizedInterceptor", ['$q', '$location', 'Storage', function ($q, $location, Storage) {
     return {
         responseError: function (rejection) {
-            if (rejection.status === 401 || rejection.status <= 0) {
+            if (rejection.status === 401 || rejection.status === 0) {
                 var url = rejection.config.url;
                 var suffix = '/login';
                 if (url.indexOf(suffix, url.length - suffix.length) === -1) {

ArgusWebServices/src/main/java/com/salesforce/dva/argus/ws/filter/AuthFilter.java

@@ -81,7 +81,10 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
             Object remoteUser = session.getAttribute(USER_ATTRIBUTE_NAME);
 
             if (!"options".equalsIgnoreCase(req.getMethod()) && !_isAuthEndpoint(req) && remoteUser == null) {
-                HttpServletResponse.class.cast(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
+            	HttpServletResponse httpresponse = HttpServletResponse.class.cast(response);
+            	httpresponse.setHeader("Access-Control-Allow-Origin", req.getHeader("Origin"));
+            	httpresponse.setHeader("Access-Control-Allow-Credentials", "true");
+            	httpresponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             } else if (remoteUser != null) {
                 user = PrincipalUserDto.class.cast(session.getAttribute(USER_ATTRIBUTE_NAME)).getUserName();
             }