Hi, I am using Pac4j to do login and logout. It has a class called OidcLogoutActionBuilder, which specifically checks whether the request is an Ajax request (e.g. from an SPA) and, if it is, replies with 403. I wonder why that is?

Would it be just some functional limitation (e.g. client does not do redirect from Ajax response) or is there some security concern?

user1589188

0 Answers