So, I'm nearly there with this problem but not quite. I can indeed log into the page of a particular experiment, but the only issue is that the OHIF viewer now stops working. Specifically, clicking on the "View Images" link under "Actions" just brings up the spinning cog animation for a split second before it exits. Here's how I'm accessing the page (first the JS, with suitably obfuscated data):
In order for the CORS call to work I had to add the following filter to $CATILINA_HOME/webapps/xnat/WEB-INF/web.xml. Here, "JS-server" is the webserver hosting the JS script above.
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>
https://JS-server.domain,
https://localhost,
https://xnat-host.domain</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With,Accept,Authorization,Origin,Access-Control-Request-Method,Access-Control-Request-Headers</param-value>
</init-param>
<init-param>
<param-name>cors.exposed.headers</param-name>
<param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Removing this filter and restarting tomcat makes OHIF burst into life. I can't see anything relevant appearing in a log file, but I may be missing it. Any pointers on what special bit of configuration I'm missing, or over zealously included, would be much appreciated.
Mark