-
-
Notifications
You must be signed in to change notification settings - Fork 468
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Access-Control-Expose-Headers #15
Comments
Hi @ix-xerri you're right, that isn't currently supported. I haven't seen this header before, but I'll take a look at implementing it soon. http://www.w3.org/TR/cors/#access-control-expose-headers-response-header |
Express examples usually show CSRF tokens inside some jade template. I include it in the response header and have the client store it in memory so that the next request would contain the CSRF token. To be able to access the header of a CORS response via javascript you need |
Just received another bug report about this (copy-pasta'd below). Will get this fixed in the next couple of days. Hey, I just thought I would drop you a note. I might have a minor bug fix, but I'm not sure if it strictly relates to CORS. Chrome has been giving me errors for a while - refusing to get unsafe headers. I believe the solution is: Access-Control-Expose-Headers. To make Chrome happy, I did the following: Config:
New Method
Added it into the (i.e. it fires every other time)
|
Fixed and pushed to npm as version 2.2.0. Set the |
Would just like to double check this issue. In my use case I have a CSRF token in the headers. Now to have that token accessible by the client then I need to use 'Access-Control-Expose-Headers'. This middle ware does not offer the functionality to add that header, correct?
The text was updated successfully, but these errors were encountered: