-
Notifications
You must be signed in to change notification settings - Fork 461
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reflection on Access-Control-Expose-Headers #169
Labels
Comments
@g6123 What about The only reliable way to expose all response headers to (non-credentialed requests) to the client is to use the wildcard: Access-Control-Expose-Headers: * |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It would be nice to support reflection on
Access-Control-Expose-Headers
header. For example, following configuration allows access to any response header whose name starts withX-Namespace-
.Supported types may include: boolean value, string, comma-separated string, RegExp., function predicate, and array of all of them, some of which are already supported in the case of
origin
orallowedHeaders
option.The text was updated successfully, but these errors were encountered: