fix(cors): supported custom ExposeHeadersHeader

innoai-tech · Jan 23, 2024 · 8d9b32d · 8d9b32d
1 parent 9fd26ea
commit 8d9b32d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
-.DS_Store
+.DS_Store
+.idea/
diff --git a/pkg/http/middleware/cors.go b/pkg/http/middleware/cors.go
@@ -31,6 +31,7 @@ func DefaultCORS() func(http.Handler) http.Handler {
 			"Origin",
 			"B3",
 			"WWW-Authenticate",
+			"Location",
 			"X-Requested-With",
 			"X-RateLimit-Limit", // follow https://developer.github.com/v3/rate_limit/
 			"X-RateLimit-Remaining",
@@ -135,7 +136,11 @@ func (ch *cors) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			w.Header().Set(corsAllowMethodsHeader, method)
 		}
 	} else {
-		if len(ch.exposedHeaders) > 0 {
+		exposedHeaders := ch.exposedHeaders
+		if v := w.Header().Get(corsExposeHeadersHeader); v != "" {
+			exposedHeaders = append(exposedHeaders, strings.SplitN(v, ",", -1)...)
+		}
+		if len(exposedHeaders) > 0 {
 			w.Header().Set(corsExposeHeadersHeader, strings.Join(ch.exposedHeaders, ","))
 		}
 	}