Force CORS endpoint to be provided by the RP and IDP

fedidcg / LightweightFedCM

A Work Item of the Federated Identity Community Group.

9 stars 4 forks source link

Force CORS endpoint to be provided by the RP and IDP #11

Closed bvandersloot-mozilla closed 6 months ago

bvandersloot-mozilla commented 7 months ago

This prevents link decoration attacks, lets us issue the request before showing it in the UI, and allow sites opt-out of being presented as IDPs. This fixes #5 and #6