[Openid-specs-ab] Front-channel logout: Using CORS Ajax instead of iframe
vladimir at connect2id.com
Mon Aug 14 05:09:41 UTC 2017
I particular app requires to know if the logout GET was successfully
delivered (HTTP status 200). Unfortunately, using iframes doesn't permit
this to be checked. But a CORS XHR does.
Am I correct that a CORS XHR is also permitted under the spec? Reading
it, there doesn't seem to be any actual normative language around the
use of iframe.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3711 bytes
Desc: S/MIME Cryptographic Signature
More information about the Openid-specs-ab