Create an invalid, not local, redirect.
On endpoint api/Auth/Logout?returnUrl={url} you need to set URL to some not local URL like https://www.google.com/arrow-up-right.
api/Auth/Logout?returnUrl={url}
You will find the flag in the response cookie.
Last updated 5 years ago