Skip to content
This repository has been archived by the owner on Dec 1, 2023. It is now read-only.

Missing response headers #208

Closed
damir opened this issue Jan 19, 2016 · 7 comments
Closed

Missing response headers #208

damir opened this issue Jan 19, 2016 · 7 comments

Comments

@damir
Copy link

damir commented Jan 19, 2016

Hi all,

I need to pull some data from custom response headers but there are none. All i get is this when inspecting response:

"headers": {
      "Accept": "application/json, text/plain, */*"
    }

response.headers() is also broken, it returns this:

{
  "content-type": "application/json",
  "": ""
}
@ernysans
Copy link

Hi @damir .

You need to call the headers in line with console.log(response.request.headers); so you can see all the ones you have available.

"Accept": "application/json, text/plain, */*",
"Authorization": "Basic YXBpOnBhc3N3b3Jk",
"X-Requested-With": "XMLHttpRequest"

Then you can call the the one you need. For example: console.log(response.request.headers.Accept);

application/json, text/plain, */*

@damir
Copy link
Author

damir commented Jan 21, 2016

Hi Erny,

Those are the request headers, same I pasted before when inspected the whole request object. From response (i.e. request.response) i got data, status and statusText but no response headers.

@damir
Copy link
Author

damir commented Jan 21, 2016

I fixed the problem, for CORS requests Access-Control-Expose-Headers must be set both on the server and the client:

Access-Control-Expose-Headers (optional) - The XMLHttpRequest 2 object has a getResponseHeader() method that returns the value of a particular response header. During a CORS request, the getResponseHeader() method can only access simple response headers. Simple response headers are defined as follows:

Cache-Control
Content-Language
Content-Type
Expires
Last-Modified
Pragma

If you want clients to be able to access other headers, you have to use the Access-Control-Expose-Headers header. The value of this header is a comma-delimited list of response headers you want to expose to the client.

More at http://www.html5rocks.com/en/tutorials/cors/

@damir damir closed this as completed Jan 21, 2016
@chasewoo
Copy link

@damir Thanks for you, your answer is very useful.

@taozhiyuzhuo
Copy link

@damir how to solve it

@damir
Copy link
Author

damir commented Dec 11, 2016

Here is the config from Rack::Cors middleware (Ruby) where custom headers are set:

use Rack::Cors do

  allow do
    origins '*'
    resource '*', :headers => :any,
                  :methods => [:get, :post, :options, :put, :patch],
                  :expose  => ['X-total-count', 'X-per-page']
  end
end

And this is how headers look like in a raw response from server:

Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods:GET, POST, OPTIONS, PUT, PATCH
Access-Control-Allow-Origin:http://localhost:8080
Access-Control-Expose-Headers:X-total-count, X-per-page
Access-Control-Max-Age:1728000
Content-Length:0
Content-Security-Policy:default-src 'self'
Content-Type:application/json
Strict-Transport-Security:max-age=16070400;
Vary:Origin
X-Content-Type-Options:nosniff
X-Frame-Options:deny
X-XSS-Protection:1; mode=block

@Parameshvadivel
Copy link

@damir can you please update your answer of header content?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@damir @chasewoo @ernysans @taozhiyuzhuo @Parameshvadivel