api: add Access-Control-Expose-Headers

XHR requests need this to be able to read our debug headers

See: getsentry/sentry-javascript#839

Author: mattrobenolt

src/sentry/web/api.py

@@ -159,6 +159,8 @@ def dispatch(self, request, project_id=None, *args, **kwargs):
                 'Content-Type, Authentication'
             response['Access-Control-Allow-Methods'] = \
                 ', '.join(self._allowed_methods())
+            response['Access-Control-Expose-Headers'] = \
+                'X-Sentry-Error, Retry-After'
 
         return response