
[cors] Ability to read Access-Control-Expose-Headers

From: ConradIrwin <conrad.irwin@gmail.com>
Date: Sat, 24 Sep 2011 15:50:58 -0700
Message-ID: <CAOTq_pt=LqADM5yAUTX8rR2EbmGsB=t5iiNptsYeFzJxJf3bYg@mail.gmail.com>
To: public-webapps@w3.org

Hi all,

Is there a reason that JavaScript cannot read the Access-Control-*
headers in CORS?

In particular I was trying to work around a bug in Firefox [1] that
means that .getAllResponseHeaders() doesn't get all response headers
for CORS requests. It seems that the nicest way to do this would just
be to iterate over the list of simple-response-headers, and the
contents of the Access-Control-Expose-Headers header.

Unfortunately, I'm not able to read the Access-Control-Expose-Headers
header, because it was not exposed in the
Access-Control-Expose-Headers header :).

In general it seems like a useful introspection mechanism - it would
allow applications to distinguish between "this header was not set"
and "I am not allowed to read this header". It also seems that it
would be useful to be able to read the Access-Control-Allow-Headers,
and Access-Control-Allow-Methods headers so that the JavaScript
application can adjust its feature set based on what the server will
allow.

Conrad

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=608735
Received on Sunday, 25 September 2011 13:18:05 GMT
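
The workaround described in the message above (iterate over the simple response headers plus the Access-Control-Expose-Headers list), as an added example that is not part of the original post. The `exposeList` argument and the `mockCorsXhr` stand-in are assumptions: the list has to reach the client out of band, and the mock applies the CORS header filter to a constructed response so the code runs outside a browser.

```javascript
// Simple response headers a CORS client may always read (per the CORS spec).
const SIMPLE_RESPONSE_HEADERS = [
  "Cache-Control", "Content-Language", "Content-Type",
  "Expires", "Last-Modified", "Pragma",
];

// Parse an Access-Control-Expose-Headers style value ("X-A, X-B") into names.
function parseExposeList(value) {
  return (value || "").split(",").map((s) => s.trim()).filter(Boolean);
}

// Collect every header the script can read, one name at a time, instead of
// relying on getAllResponseHeaders().
// `exposeList` is an assumption: the client must learn it out of band,
// because Access-Control-Expose-Headers itself is not readable.
function readableHeaders(xhr, exposeList) {
  const names = SIMPLE_RESPONSE_HEADERS.concat(parseExposeList(exposeList));
  const out = {};
  for (const name of names) {
    const value = xhr.getResponseHeader(name);
    // null covers both "not sent" and "not exposed"; the API cannot tell them apart.
    if (value !== null) out[name.toLowerCase()] = value;
  }
  return out;
}

// Constructed stand-in for a cross-origin XMLHttpRequest: it hides every
// header that is neither simple nor named in Access-Control-Expose-Headers.
function mockCorsXhr(responseHeaders) {
  const lower = {};
  for (const [k, v] of Object.entries(responseHeaders)) lower[k.toLowerCase()] = v;
  const allowed = new Set(SIMPLE_RESPONSE_HEADERS
    .concat(parseExposeList(lower["access-control-expose-headers"]))
    .map((n) => n.toLowerCase()));
  return {
    getResponseHeader(name) {
      const key = name.toLowerCase();
      return allowed.has(key) && key in lower ? lower[key] : null;
    },
  };
}

const sampleXhr = mockCorsXhr({            // constructed sample response
  "Content-Type": "application/json",
  "X-Request-Id": "constructed-123",
  "X-Internal": "hidden",
  "Access-Control-Expose-Headers": "X-Request-Id",
});
console.log(readableHeaders(sampleXhr, "X-Request-Id, X-Internal, X-Missing"));
```

`X-Internal` (sent but not exposed) and `X-Missing` (never sent) both come back as `null`, which is the ambiguity the message points out.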
