Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reflection on Access-Control-Expose-Headers #169

Open
g6123 opened this issue Jan 12, 2019 · 1 comment
Open

Reflection on Access-Control-Expose-Headers #169

g6123 opened this issue Jan 12, 2019 · 1 comment
Labels
ideas

Comments

@g6123
Copy link

g6123 commented Jan 12, 2019

It would be nice to support reflection on Access-Control-Expose-Headers header. For example, following configuration allows access to any response header whose name starts with X-Namespace-.

{
  // ...
  "exposedHeaders": /^X-Namespace-/i,
  // ...
}

Supported types may include: boolean value, string, comma-separated string, RegExp., function predicate, and array of all of them, some of which are already supported in the case of origin or allowedHeaders option.
@jub0bs
Copy link

jub0bs commented Oct 30, 2022
edited
Loading

@g6123 What about X-Namespace-foo response header that middleware add? At that stage, the CORS middleware has already finished executing and doesn't have an opportunity to further add to the Access-Control-Expose-Headers header.

The only reliable way to expose all response headers to (non-credentialed requests) to the client is to use the wildcard:

Access-Control-Expose-Headers: *

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
ideas
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@g6123 @e-l-i-s-e @jub0bs