Update recommendations.md

Co-authored-by: Aaron Parecki <[email protected]>

Author: danielfett

recommendations.md

@@ -246,5 +246,5 @@ To support browser-based clients, endpoints directly accessed by such clients
 including the Token Endpoint, Authorization Server Metadata Endpoint, `jwks_uri`
 Endpoint, and the Dynamic Client Registration Endpoint MAY support the use of
 Cross-Origin Resource Sharing (CORS, [@CORS]). However, CORS MUST NOT be
-supported at the Authorization Endpoint as it is redirected to by the client and
+supported at the Authorization Endpoint as the client does not access this
 not directly accessed.