[Openid-specs-ab] Front-channel logout: Using CORS Ajax instead of iframe

Vladimir Dzhuvinov vladimir at connect2id.com
Mon Aug 14 05:09:41 UTC 2017


I particular app requires to know if the logout GET was successfully
delivered (HTTP status 200). Unfortunately, using iframes doesn't permit
this to be checked. But a CORS XHR does.

Am I correct that a CORS XHR is also permitted under the spec? Reading
it, there doesn't seem to be any actual normative language around the
use of iframe.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3711 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20170814/15eaf89f/attachment.p7s>

More information about the Openid-specs-ab mailing list