I actually do know how to solve this with the Access-Control-Allow-Origin header. But I'm curious as to why is this happening, because there is no OPTIONS preflight being sent on Chrome's Network tab (also checked in Firefox). I can even see the full response on the network tab... So here is the request/response information:
General:
Request URL:http://localhost:8080/test/api/login
Request Method:POST
Status Code:200 OK
Remote Address:[::1]:8080
Referrer Policy:no-referrer-when-downgrade
Request Headers:
Accept:application/json, text/plain, /
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.9
Cache-Control:no-cache
Connection:keep-alive
Content-Length:37
content-type:text/plain
Host:localhost:8080
Origin:http://localhost:8100
Pragma:no-cache
Referer:http://localhost:8100/
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36
Response Headers:
Content-Length:12
Content-Type:application/json;charset=UTF-8
Date:Wed, 07 Mar 2018 21:32:52 GMT
Server:Apache-Coyote/1.1
Error message (Chrome's console):
Failed to load http://localhost:8080/po27/api/login: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access.
Don't think it matters but: the request is being made with Angular 4's HttpService
