You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on May 10, 2019. It is now read-only.
I'm exploring implementing Persona logins for a purely client-side application, and am getting blocked by the lack of CORS support on the https://verifier.login.persona.org/verify endpoint.
I found this old issue describing your rationale for removing CORS support: #767
These issues don't really apply to my application though because all user data is encrypted with a separate user-defined password that has nothing to do with Persona, so intercepting the assertions alone won't get an attacker anywhere.
I'm mostly looking to use Persona to provide users a familiar email-based login experience and email verification process for a client-side application that won't have any other means to verify emails (so I can make use of the email as an unique user identifier inside the application).
I'm assuming there are no plans to re-enable CORS support anytime soon? If so, do I have any other options besides running a server just to proxy requests to the /verify endpoint?
The text was updated successfully, but these errors were encountered:
I'm exploring implementing Persona logins for a purely client-side application, and am getting blocked by the lack of CORS support on the https://verifier.login.persona.org/verify endpoint.
I found this old issue describing your rationale for removing CORS support: #767
These issues don't really apply to my application though because all user data is encrypted with a separate user-defined password that has nothing to do with Persona, so intercepting the assertions alone won't get an attacker anywhere.
I'm mostly looking to use Persona to provide users a familiar email-based login experience and email verification process for a client-side application that won't have any other means to verify emails (so I can make use of the email as an unique user identifier inside the application).
I'm assuming there are no plans to re-enable CORS support anytime soon? If so, do I have any other options besides running a server just to proxy requests to the /verify endpoint?
The text was updated successfully, but these errors were encountered: