I need to expose the Location header for only some responses (like to a POST request); in most other responses there is no Location header.
Should it filter ExposedHeaders by the response headers already present? Or does it depend on the order of middleware setup?
Also, it will add a time penalty for processing that filter. So the main purpose of this issue is: is it OK to add an Access-Control-Expose-Headers: XXX header without an XXX header in the response?
Yes, it is OK to expose the Location HTTP header, even if it is only sometimes in a response.
Note that the endpoint the Location header points to will also need the correct CORS setup (you can't redirect to another domain and ignore their CORS configuration).
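The behaviour confirmed in the answer above, as an added example that is not part of the original thread and is not the library's own code: a hypothetical `exposeHeaders` middleware sets a static `Access-Control-Expose-Headers` value with no per-response filtering, while a constructed handler sets `Location` only on POST. The origin `https://app.example` and the path `/items/1` are assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// exposeHeaders is a hypothetical minimal CORS middleware (not a real library).
// It sets a static Access-Control-Expose-Headers value for the allowed origin
// before the handler runs, without checking which headers the response carries.
func exposeHeaders(allowedOrigin string, exposed []string, next http.Handler) http.Handler {
	value := strings.Join(exposed, ", ") // built once, so no per-request filtering cost
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Vary", "Origin")
		if r.Header.Get("Origin") == allowedOrigin {
			w.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
			w.Header().Set("Access-Control-Expose-Headers", value)
		}
		next.ServeHTTP(w, r)
	})
}

// items is a constructed handler: only POST responses carry Location.
func items(w http.ResponseWriter, r *http.Request) {
	if r.Method == http.MethodPost {
		w.Header().Set("Location", "/items/1")
		w.WriteHeader(http.StatusCreated)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// probe sends one request through the middleware and returns the response headers.
func probe(method, origin string) http.Header {
	h := exposeHeaders("https://app.example", []string{"Location"}, http.HandlerFunc(items))
	req := httptest.NewRequest(method, "/items", nil)
	req.Header.Set("Origin", origin)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Result().Header
}

func main() {
	for _, m := range []string{http.MethodPost, http.MethodGet} {
		hdr := probe(m, "https://app.example")
		fmt.Printf("%s expose=%q location=%q\n", m, hdr.Get("Access-Control-Expose-Headers"), hdr.Get("Location"))
	}
}
```

On the GET response the expose header names a header that is absent, which simply leaves nothing extra for the calling script to read.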