Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

Adding Exposed headers for CORS #94

Merged
merged 1 commit into from

2 participants

@Gutek

By default, when doing CORS ajax request, following headers will be available:

  • Cache-Control
  • Content-Language
  • Content-Type
  • Expires
  • Last-Modified
  • Pragma

source

more info - point 4

if we need to read anything else from headers (even-thou they are returned) we need to provide Access-Control-Expose-Header, otherwise browsers will not allow to get these headers from xhr response.

Exact case: SO question

Im not sure if there are other headers that will need to be exposed, but Location is required for getting information about created projection

@Gutek Gutek Adding Exposed headers for CORS
By default, when doing CORS ajax request, following headers will be available:

 - Cache-Control
 - Content-Language
 - Content-Type
 - Expires
 - Last-Modified
 - Pragma

[source](http://www.w3.org/TR/cors/#simple-response-header)

[more info - point 4](http://www.w3.org/TR/cors/#resource-requests)

if we need to read anything else from headers (even-thou they are returned) we need to provide `Access-Control-Expose-Header`, otherwise browsers will not allow to get these headers from xhr response.

Exact case: [SO question](http://stackoverflow.com/questions/17038436/reading-response-headers-when-using-http-of-angularjs)

Im not sure if there are other headers that will need to be exposed, but `Location` is required for getting information about created projection
d12e0cc
@jen20 jen20 merged commit 7466e47 into EventStore:dev
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 13, 2014
  1. @Gutek

    Adding Exposed headers for CORS

    Gutek authored
    By default, when doing CORS ajax request, following headers will be available:
    
     - Cache-Control
     - Content-Language
     - Content-Type
     - Expires
     - Last-Modified
     - Pragma
    
    [source](http://www.w3.org/TR/cors/#simple-response-header)
    
    [more info - point 4](http://www.w3.org/TR/cors/#resource-requests)
    
    if we need to read anything else from headers (even-thou they are returned) we need to provide `Access-Control-Expose-Header`, otherwise browsers will not allow to get these headers from xhr response.
    
    Exact case: [SO question](http://stackoverflow.com/questions/17038436/reading-response-headers-when-using-http-of-angularjs)
    
    Im not sure if there are other headers that will need to be exposed, but `Location` is required for getting information about created projection
This page is out of date. Refresh to see the latest.
View
1  src/EventStore/EventStore.Transport.Http/EntityManagement/HttpEntityManager.cs
@@ -162,6 +162,7 @@ private void SetRequiredHeaders()
HttpEntity.Response.AddHeader("Access-Control-Allow-Methods", string.Join(", ", _allowedMethods));
HttpEntity.Response.AddHeader("Access-Control-Allow-Headers", "Content-Type, X-Requested-With, X-PINGOTHER, Authorization");
HttpEntity.Response.AddHeader("Access-Control-Allow-Origin", "*");
+ HttpEntity.Response.AddHeader("Access-Control-Expose-Headers", "Location");
if (HttpEntity.Response.StatusCode == HttpStatusCode.Unauthorized)
HttpEntity.Response.AddHeader("WWW-Authenticate", "Basic realm=\"ES\"");
}
Something went wrong with that request. Please try again.