When making cross-domain requests, the client is only allowed to read simple response headers (cache-control, expires, content-type, last-modified). Other headers are prohibited from being read for security reasons.
Since many responses are large, it might be nice to place a download indicator on public-facing pages. However, this cannot be done without the content-length value (so that percentages can be computed).
Therefore, I propose we enable reading of this header for all clients.
The appropriate parameter is "Access-Control-Expose-Headers".
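An added example, not part of the original proposal or the project's code: the server-side header change and a client-side progress calculation that falls back to an indeterminate indicator when `content-length` cannot be read. All function names are hypothetical, and the client part assumes a browser (or runtime) with `fetch` and streaming response bodies.

```javascript
// Added example; function names are hypothetical, not from the project.

// Server side: add Content-Length to Access-Control-Expose-Headers without
// dropping names that are already exposed. Only this one name is added.
function exposeContentLength(headers) {
  const names = (headers['Access-Control-Expose-Headers'] || '')
    .split(',').map((s) => s.trim()).filter(Boolean);
  if (!names.some((n) => n.toLowerCase() === 'content-length')) {
    names.push('Content-Length');
  }
  return { ...headers, 'Access-Control-Expose-Headers': names.join(', ') };
}

// Client side: total size in bytes, or null when the header is not readable
// by script (not exposed) or is not a plain decimal number.
function totalBytes(headers) {
  const raw = headers.get('content-length');
  if (raw == null || !/^\d+$/.test(raw.trim())) return null;
  return Number(raw);
}

// Percentage for the indicator; null means "show an indeterminate spinner".
// Clamped because a compressed response (Content-Encoding) reports the
// encoded size while the stream yields decoded bytes.
function percent(received, total) {
  if (total === null || total === 0) return null;
  return Math.min(100, Math.floor((received / total) * 100));
}

// Stream the body and report progress after every chunk.
async function downloadWithProgress(url, onProgress) {
  const response = await fetch(url, { mode: 'cors' });
  const total = totalBytes(response.headers);
  const reader = response.body.getReader();
  const chunks = [];
  let received = 0;
  for (;;) {
    const { done, value } = await reader.read();
    if (done) break;
    chunks.push(value);
    received += value.byteLength;
    onProgress(received, percent(received, total));
  }
  return new Blob(chunks);
}
```

Exposing only the `Content-Length` name keeps every other non-simple response header unreadable to cross-origin scripts.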