elysiajs#33 set access-control-expose header instead of exposed header

src/index.ts

@@ -103,7 +103,7 @@ interface CORSConfig {
     /**
      * @default `*`
      *
-     * Assign **Access-Control-Exposed-Headers** header.
+     * Assign **Access-Control-Expose-Headers** header.
      *
      * Return the specified headers to request in CORS mode.
      *
@@ -289,7 +289,7 @@ export const cors = (
                     : allowedHeaders.join(', ')
 
         if (exposedHeaders.length)
-            set.headers['Access-Control-Exposed-Headers'] =
+            set.headers['Access-Control-Expose-Headers'] =
                 typeof exposedHeaders === 'string'
                     ? exposedHeaders
                     : exposedHeaders.join(', ')

test/exposed-header.test.ts

@@ -15,7 +15,7 @@ describe('Exposed Headers', () => {
             .get('/', () => 'HI')
 
         const res = await app.handle(req('/'))
-        expect(res.headers.get('Access-Control-Exposed-Headers')).toBe(
+        expect(res.headers.get('Access-Control-Expose-Headers')).toBe(
             'Content-Type'
         )
     })
@@ -30,7 +30,7 @@ describe('Exposed Headers', () => {
             .get('/', () => 'HI')
 
         const res = await app.handle(req('/'))
-        expect(res.headers.get('Access-Control-Exposed-Headers')).toBe(
+        expect(res.headers.get('Access-Control-Expose-Headers')).toBe(
             'Content-Type, X-Imaginary-Value'
         )
     })

test/index.test.ts

@@ -12,7 +12,7 @@ describe('CORS', () => {
         expect(res.headers.get('Access-Control-Allow-Origin')).toBe('*')
         expect(res.headers.get('Access-Control-Allow-Methods')).toBe('*')
         expect(res.headers.get('Access-Control-Allow-Headers')).toBe('*')
-        expect(res.headers.get('Access-Control-Exposed-Headers')).toBe('*')
+        expect(res.headers.get('Access-Control-Expose-Headers')).toBe('*')
         expect(res.headers.get('Access-Control-Allow-Credentials')).toBe(null)
     })
 })