From 4fcc6658b0aa9144013c0a5916582d2ed1a58828 Mon Sep 17 00:00:00 2001
From: Sylvain Lesage <severo@rednegra.net>
Date: Thu, 9 Oct 2025 22:34:17 +0200
Subject: [PATCH] expose content-range header

otherwise, browsers cannot access it, because it's not among the
CORS-safelisted response headers:
https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header
---
 src/main.rs | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index b32a864..cc05522 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -123,15 +123,17 @@ async fn get_object(
         .insert_header(("ETag", res.etag));
 
     if is_range_request {
-        response = response.insert_header((
-            "Content-Range",
-            format!(
-                "bytes {}-{}/{}",
-                range_start,
-                range_start + res.content_length - 1,
-                content_length
-            ),
-        ));
+        response = response
+            .insert_header((
+                "Content-Range",
+                format!(
+                    "bytes {}-{}/{}",
+                    range_start,
+                    range_start + res.content_length - 1,
+                    content_length
+                ),
+            ))
+            .insert_header(("Access-Control-Expose-Headers", "Content-Range"));
     }
 
     Ok(response.body(streaming_response))