Hi Kevin,
Thanks for the suggestions, i looked at both of them but i can’t figure out how the info on these pages can be used to solve the problem.
The headings and CORS are all set correctly on the server. Any request from outside the iframe is running smoothly.
It seems that the iframe in which the viewer is does not allow communication from the parent page as it is in a strict sandbox.
Is it possible to overrule these sandbox settings. That would allow me to send the token by a message to the viewer.
kind regards
Bart