Adding Exposed headers for CORS #94

Merged
merged 1 commit into from Feb 14, 2014

Conversation

Projects
None yet
2 participants
Member

Gutek commented Feb 13, 2014

By default, when doing CORS ajax request, following headers will be available:

  • Cache-Control
  • Content-Language
  • Content-Type
  • Expires
  • Last-Modified
  • Pragma

source

more info - point 4

if we need to read anything else from headers (even-thou they are returned) we need to provide Access-Control-Expose-Header, otherwise browsers will not allow to get these headers from xhr response.

Exact case: SO question

Im not sure if there are other headers that will need to be exposed, but Location is required for getting information about created projection

Adding Exposed headers for CORS
By default, when doing CORS ajax request, following headers will be available:

 - Cache-Control
 - Content-Language
 - Content-Type
 - Expires
 - Last-Modified
 - Pragma

[source](http://www.w3.org/TR/cors/#simple-response-header)

[more info - point 4](http://www.w3.org/TR/cors/#resource-requests)

if we need to read anything else from headers (even-thou they are returned) we need to provide `Access-Control-Expose-Header`, otherwise browsers will not allow to get these headers from xhr response.

Exact case: [SO question](http://stackoverflow.com/questions/17038436/reading-response-headers-when-using-http-of-angularjs)

Im not sure if there are other headers that will need to be exposed, but `Location` is required for getting information about created projection

jen20 pushed a commit that referenced this pull request Feb 14, 2014

Merge pull request #94 from Gutek/patch-2
Adding Exposed headers for CORS

@jen20 jen20 merged commit 7466e47 into EventStore:dev Feb 14, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment