For OAuth APIs this is not needed. Like I said, this is only for APIs that are directly consumed by browsers. Assign Message policy is good for this case. I was curious if this would be added as a feature, like CORS.
For OAuth APIs this is not needed. Like I said, this is only for APIs that are directly consumed by browsers. Assign Message policy is good for this case. I was curious if this would be added as a feature, like CORS.