Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Header field Access-Control-Expose-Header is not correctly set due to typo and access of wrong variables #33

Open
KilianB opened this issue Dec 4, 2023 · 2 comments
Open

Header field Access-Control-Expose-Header is not correctly set due to typo and access of wrong variables #33

KilianB opened this issue Dec 4, 2023 · 2 comments
Labels
pending Pending for issue reporter to verify the fix

Comments

@KilianB
Copy link

KilianB commented Dec 4, 2023
edited
Loading

Due to a typo the middleware is setting the header value Access-Control-Exposed-Headers, it should be Access-Control-Expose-Headers, instead. Without the d. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers

elysia-cors/src/index.ts

Line 292 in 41e3465

set.headers['Access-Control-Exposed-Headers'] =

Additionally the exposedHeader field is checked in order to set the allowed headers:

elysia-cors/src/index.ts

Lines 251 to 252 in 41e3465

if (exposedHeaders.length)
set.headers['Access-Control-Allow-Headers'] =

KilianB added a commit to KilianB/elysia-cors that referenced this issue Dec 4, 2023
@KilianB
elysiajs#33 set access-control-expose header instead of exposed header
0f4942f
KilianB added a commit to KilianB/elysia-cors that referenced this issue Dec 4, 2023
@KilianB
elysiajs#33 do not set headers in preflight route handler.
2e9fcf9 
The route handler will call into the onRequest method where the headers are set identical to how they are treated for the normal non preflight requests. handleOrigin and handleMethod are called twice without this patch
This was referenced Dec 4, 2023
Closed
Closed
@Mudbill
Copy link

Mudbill commented May 22, 2024

Came here to report the same thing. I do see the Expose header in my response, but I also see Exposed in the list. Spent some time trying to find if there's anything real attached to the Exposed header because it seemed wrong to me. Confusing at the very least.

@SaltyAom
Copy link
Member

SaltyAom commented Jul 9, 2024

Fixed with 6ba3b48, published under 1.0.4

@SaltyAom SaltyAom added the pending Pending for issue reporter to verify the fix label Jul 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
pending Pending for issue reporter to verify the fix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Mudbill @KilianB @SaltyAom