Add "Access-Control-Expose-Headers" for `X-Quota-Current` and `X-Quota-Limit` response headers, so they are accessible to clients calling the API via Ajax #154
All API responses include your current usage and limit in the X-Quota-Current and X-Quota-Limit response headers.
But, CORS restrictions mean that browsers strip most headers from Ajax responses by default, so if you’re calling MapIt via Ajax, you can’t see those Quota headers.
@dracos Given these headers might be handy for something we’re building in the Climate team, I’m happy to do a PR for this, if you agree with the approach?
The MapIt documentation says that:
But, CORS restrictions mean that browsers strip most headers from Ajax responses by default, so if you’re calling MapIt via Ajax, you can’t see those Quota headers.
It sounds like the expectation is that servers indicate which headers should be passed to the client, by providing them as a comma-separated list (or the string
*
) under another Access-Control-Expose-Headers header.I guess we’d want to add that to the
response
dicts inoutput_json
andoutput_polygon
, in shortcuts.py, the same as we do for theAccess-Control-Allow-Origin
header? eg:@dracos Given these headers might be handy for something we’re building in the Climate team, I’m happy to do a PR for this, if you agree with the approach?