elysiajs / elysia-cors

Plugin for Elysia for Cross-Origin Requests (CORS)
MIT License

Header field Access-Control-Expose-Header is not correctly set due to typo and access of wrong variables #33

Open KilianB opened 11 months ago

KilianB commented 11 months ago

Due to a typo, the middleware is setting the header value Access-Control-Exposed-Headers; it should be Access-Control-Expose-Headers instead, without the d. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers

https://github.com/elysiajs/elysia-cors/blob/41e34656bb95d6fbb2a98e2ba5ead0838a6a411c/src/index.ts#L292

Additionally, the exposedHeader field is checked in order to set the allowed headers:

https://github.com/elysiajs/elysia-cors/blob/41e34656bb95d6fbb2a98e2ba5ead0838a6a411c/src/index.ts#L251-L252

Mudbill commented 5 months ago

Came here to report the same thing. I do see the Expose header in my response, but I also see Exposed in the list. Spent some time trying to find if there's anything real attached to the Exposed header because it seemed wrong to me. Confusing at the very least.

SaltyAom commented 3 months ago

Fixed with 6ba3b48, published under 1.0.4
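
A regression check for the bug reported in this thread, as an added example that is not part of the original discussion or the elysia-cors code base: it flags any Access-Control-* response header whose name is not one of the CORS response headers browsers recognise, and suggests the closest valid name. The function names and the sample response are constructed for illustration.

```javascript
// Response header names defined by the Fetch standard's CORS protocol.
const CORS_RESPONSE_HEADERS = [
  "access-control-allow-origin",
  "access-control-allow-credentials",
  "access-control-allow-methods",
  "access-control-allow-headers",
  "access-control-expose-headers",
  "access-control-max-age",
];

// Levenshtein edit distance, used to suggest the intended header name.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// headers: iterable of [name, value] pairs (a fetch Headers object works).
// Returns one finding per Access-Control-* name that browsers do not recognise.
function findUnknownCorsHeaders(headers) {
  const findings = [];
  for (const [rawName] of headers) {
    const name = rawName.toLowerCase();
    if (!name.startsWith("access-control-")) continue;
    if (CORS_RESPONSE_HEADERS.includes(name)) continue;
    const suggestion = CORS_RESPONSE_HEADERS
      .map((h) => ({ h, d: editDistance(name, h) }))
      .sort((x, y) => x.d - y.d)[0].h;
    findings.push({ name, suggestion });
  }
  return findings;
}

// Constructed sample: the header set described in the thread, where both
// spellings appear in one response.
const sampleResponse = [
  ["Access-Control-Allow-Origin", "https://app.example"],
  ["Access-Control-Expose-Headers", "X-Request-Id"],
  ["Access-Control-Exposed-Headers", "X-Request-Id"],
];
console.log(findUnknownCorsHeaders(sampleResponse));
```

Run against the headers of a real preflight and a real simple response in an integration test, the check fails the build when a misspelled CORS header reappears.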