[Openid-specs-ab] Front-channel logout: Using CORS Ajax instead of iframe
Vladimir Dzhuvinov
vladimir at connect2id.com
Mon Aug 14 05:09:41 UTC 2017
Hello,
I particular app requires to know if the logout GET was successfully
delivered (HTTP status 200). Unfortunately, using iframes doesn't permit
this to be checked. But a CORS XHR does.
Am I correct that a CORS XHR is also permitted under the spec? Reading
it, there doesn't seem to be any actual normative language around the
use of iframe.
Thanks,
Vladimir
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3711 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170814/15eaf89f/attachment.p7s>
More information about the Openid-specs-ab
mailing list