From 3e1af4f6ebbc1410968c2464cd27ca831f238710 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Wacongne?= Date: Mon, 25 Nov 2024 00:48:33 +0100 Subject: [PATCH] Update README.MD --- README.MD | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.MD b/README.MD index 3a747a230..36b1d73ee 100644 --- a/README.MD +++ b/README.MD @@ -30,7 +30,7 @@ Auto-configuration for resource servers: Auto-configuration for clients with `oauth2Login`: - customizing responses returned to the frontend during the authorization-code and RP-Initiated Logout flows: - specify the URI in `Location` header to activate a route after login / logout (defaults can be defined in application properties and overridden by the frontend using headers or query parameters) - - ovoid some CORS errors: set the HTTP status in the `2xx` range to observe the response in Javascript code and trigger plain navigation instead of letting the browser follow a redirection with a cross-origin request + - avoid some CORS issues with the authorization server: set the HTTP status in the `2xx` range to observe the response and handle the redirection in Javascript code instead of letting the browser follow with an Ajax request. There is no reason for these redirections to be cross-origin requests, plain navigation is what should actually happen. - exposing CSRF token as a cookie accessible to a single-page application - logging out from an authorization server not strictly implementing RP-Initiated Logout (case of Auth0 and Amazon Cognito for instance) - activating and configuring Back-Channel Logout
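Review bot: In the added `+` bullet, "handle the redirection in Javascript code instead of letting the browser follow with an Ajax request" leaves the frontend's part implicit. Consider stating that the frontend reads the `Location` header of the `2xx` response and performs the plain navigation itself, since the closing sentence depends on that. The context line just above says this URI can be overridden by the frontend using headers or query parameters, so it would also help to document here, or link to, whether and how the accepted values are restricted, now that the frontend code is what follows the URI. Minor points on the same line: "Javascript" should be "JavaScript", the last sentence is a comma splice ("... cross-origin requests, plain navigation is ..."), and this becomes the only bullet in the list that ends with a period.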