I am working with our development team to publish a browser-based single page application which utilizes the local storage feature to store data and will attempt to sync the data when the connection is available. This can be offline hours in some cases due to the rural areas where the targeted users operate. The application is sitting behind an APM policy which requires a logon before redirecting back to the originating URI.
The initial load of the application works fine, as the user is prompted to log on and is then redirected to the internal single page application, at which point data is loaded and the application continues to sync. When I kill the connection for over 15 minutes (APM timeout) and come back online, the AJAX call is being redirected to the logon page and the browser logs the console security message:
"XMLHTTPRequest cannot load https://loginpage.domain.com/F5Networks-SSO-Req?SSO_ORIG_URI=...... No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://singlepageapp.domain.com' is therefore not allowed access."
From what I can tell from reading about CORS and other posts here, I need to somehow get the APM login page to present an Access-Control-Allow-Origin header which would allow the AJAX call to traverse from the singlepageapp.domain.com to the loginpage.domain.com. This would then allow the AJAX call to determine if the client has a connection before forcing a page reload (which would allow for user re-authentication).
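
One client-side way to tell "offline" apart from "APM session expired" without reading the cross-origin logon response, as an added example that is not part of the original post. It assumes the sync endpoint is on the application's own origin and that an expired session is answered with a redirect, as described above; `/api/sync`, `classifyOutcome`, `trySync` and `handleOutcome` are hypothetical names.

```javascript
// Added example (not from the original post).
// Assumption: the SPA syncs to an endpoint on its own origin.
const SYNC_URL = '/api/sync'; // hypothetical endpoint

// Classify what a sync attempt produced: a Response-like object,
// or the error that fetch rejected with.
function classifyOutcome(result) {
  // fetch rejects (TypeError) when the network is unreachable.
  if (result instanceof Error) return 'offline';
  // With redirect: 'manual', browsers return an opaque-redirect response
  // (status 0) instead of following the redirect to the logon host.
  const redirected = result.type === 'opaqueredirect' ||
    (result.status >= 300 && result.status < 400);
  if (redirected) return 'reauth';
  return result.ok ? 'synced' : 'error';
}

// Attempt one sync. fetchImpl is injectable so the logic can be tested offline.
async function trySync(payload, fetchImpl = globalThis.fetch) {
  let result;
  try {
    result = await fetchImpl(SYNC_URL, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(payload),
      credentials: 'same-origin', // send the session cookie to our own origin only
      redirect: 'manual',         // never follow the redirect to the logon page
    });
  } catch (err) {
    result = err;
  }
  return classifyOutcome(result);
}

// Act on the outcome. Only an expired session forces a top-level reload;
// when offline, data stays in local storage and the sync is retried later.
function handleOutcome(outcome, nav = globalThis.location) {
  if (outcome === 'reauth' && nav) nav.reload();
  return outcome === 'synced';
}
```

Because the redirect is never followed from script, the browser does not make the cross-origin request that triggers the CORS error; the top-level reload goes through the normal logon flow instead.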