=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java	2015-10-21 11:33:29 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java	2015-10-21 15:05:41 +0000
@@ -136,7 +136,7 @@
 
         if ( StringUtils.isEmpty( forwardedProto ) )
         {
-            localUrl = ServletUriComponentsBuilder.fromContextPath( request ).build().toUriString();
+            localUrl = ServletUriComponentsBuilder.fromContextPath( request ).replacePath("").build().toUriString();
         }
         else
         {
@@ -144,7 +144,7 @@
                 .scheme( forwardedProto ).build().toUriString();
         }
 
-        return !StringUtils.isEmpty( origin ) && ( localUrl.equals( origin ) || 
+        return !StringUtils.isEmpty( origin ) && ( localUrl.equals( origin ) ||
             configurationService.getCorsWhitelist().contains( origin ) );
     }