I'm exploring implementing Persona logins for a purely client-side application, and am getting blocked by the lack of CORS support on the https://verifier.login.persona.org/verify endpoint.
I found this old issue describing your rationale for removing CORS support: #767
These issues don't really apply to my application though because all user data is encrypted with a separate user-defined password that has nothing to do with Persona, so intercepting the assertions alone won't get an attacker anywhere.
I'm mostly looking to use Persona to provide users a familiar email-based login experience and email verification process for a client-side application that won't have any other means to verify emails (so I can make use of the email as an unique user identifier inside the application).
I'm assuming there are no plans to re-enable CORS support anytime soon? If so, do I have any other options besides running a server just to proxy requests to the /verify endpoint?
I'm exploring implementing Persona logins for a purely client-side application, and am getting blocked by the lack of CORS support on the https://verifier.login.persona.org/verify endpoint.
I found this old issue describing your rationale for removing CORS support: #767
These issues don't really apply to my application though because all user data is encrypted with a separate user-defined password that has nothing to do with Persona, so intercepting the assertions alone won't get an attacker anywhere.
I'm mostly looking to use Persona to provide users a familiar email-based login experience and email verification process for a client-side application that won't have any other means to verify emails (so I can make use of the email as an unique user identifier inside the application).
I'm assuming there are no plans to re-enable CORS support anytime soon? If so, do I have any other options besides running a server just to proxy requests to the /verify endpoint?