Y
Hacker News
new
|
ask
|
show
|
jobs
by
CGamesPlay
1683 days ago
It looks like this is still allowed.
https://idp.corp.example
is a secure context, and you can add proper CORS headers to your local endpoint, and then you meet the criteria for the request.