diff --git a/lib/create-app.js b/lib/create-app.js
index 7ea911f1c..a31d90016 100644
--- a/lib/create-app.js
+++ b/lib/create-app.js
@@ -32,7 +32,7 @@ const corsSettings = cors({
 methods: [
 'OPTIONS', 'HEAD', 'GET', 'PATCH', 'POST', 'PUT', 'DELETE'
 ],
- exposedHeaders: 'Authorization, User, Location, Link, Vary, Last-Modified, ETag, Accept-Patch, Accept-Post, Updates-Via, Allow, WAC-Allow, Content-Length, WWW-Authenticate, MS-Author-Via',
+ exposedHeaders: 'Authorization, User, Location, Link, Vary, Last-Modified, ETag, Accept-Patch, Accept-Post, Updates-Via, Allow, WAC-Allow, Content-Length, WWW-Authenticate, MS-Author-Via, X-Powered-By',
 credentials: true,
 maxAge: 1728000,
 origin: true,
diff --git a/lib/handlers/cors-proxy.js b/lib/handlers/cors-proxy.js
index 8b8ab330c..50f9b6e1a 100644
--- a/lib/handlers/cors-proxy.js
+++ b/lib/handlers/cors-proxy.js
@@ -13,7 +13,7 @@ const validUrl = require('valid-url')
 const CORS_SETTINGS = {
 methods: 'GET',
- exposedHeaders: 'Authorization, User, Location, Link, Vary, Last-Modified, Content-Length, Content-Location, MS-Author-Via',
+ exposedHeaders: 'Authorization, User, Location, Link, Vary, Last-Modified, Content-Length, Content-Location, MS-Author-Via, X-Powered-By',
 maxAge: 1728000,
 origin: true
 }
diff --git a/test/integration/http-test.js b/test/integration/http-test.js
index ad61a1134..88f8fa24b 100644
--- a/test/integration/http-test.js
+++ b/test/integration/http-test.js
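Review bot: The `exposedHeaders` list in `corsSettings` now lets script on any origin read `X-Powered-By`, because the same object sets `origin: true` and `credentials: true`, and nothing in the hunk says which client needs it. `X-Powered-By` identifies the server software, so the reason for exposing it should sit beside the list, for example `// X-Powered-By: exposed for <client feature>; value must stay free of version numbers`. It is also worth confirming, where the header is set, that its value does not include a release number. The same addition is made to `CORS_SETTINGS` in lib/handlers/cors-proxy.js; from the hunk it is not clear whether the header a page would read there is this server's or the proxied upstream's, and in the latter case the proxy would hand third-party server identification to the calling page. Both object literals are consumed outside the visible hunks.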
@@ -106,7 +106,7 @@ describe('HTTP APIs', function () {
 .expect('Access-Control-Allow-Origin', 'http://example.com')
 .expect('Access-Control-Allow-Credentials', 'true')
 .expect('Access-Control-Allow-Methods', 'OPTIONS,HEAD,GET,PATCH,POST,PUT,DELETE')
- .expect('Access-Control-Expose-Headers', 'Authorization, User, Location, Link, Vary, Last-Modified, ETag, Accept-Patch, Accept-Post, Updates-Via, Allow, WAC-Allow, Content-Length, WWW-Authenticate, MS-Author-Via')
+ .expect('Access-Control-Expose-Headers', 'Authorization, User, Location, Link, Vary, Last-Modified, ETag, Accept-Patch, Accept-Post, Updates-Via, Allow, WAC-Allow, Content-Length, WWW-Authenticate, MS-Author-Via, X-Powered-By')
 .expect(204, done)
 })
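Review bot: The updated `Access-Control-Expose-Headers` expectation repeats the whole literal from lib/create-app.js, so the production list and the test string have to be edited in step, and this diff adds no assertion for the parallel list in lib/handlers/cors-proxy.js. Since the full-string match already pins the exact set of exposed headers, a short comment above it would make that intent explicit, e.g. `// Exact match on purpose: any header newly exposed cross-origin must be reviewed here`. A matching expectation for the proxy route would keep the two lists from drifting apart unnoticed. The enclosing `describe` block and the request under test begin outside the hunk.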