You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The route handler will call into the onRequest method where the headers are set identical to how they are treated for the normal non preflight requests. handleOrigin and handleMethod are called twice without this patch
Came here to report the same thing. I do see the Expose header in my response, but I also see Exposed in the list. Spent some time trying to find if there's anything real attached to the Exposed header because it seemed wrong to me. Confusing at the very least.
Due to a typo the middleware is setting the header value Access-Control-Exposed-Headers, it should be
Access-Control-Expose-Headers
, instead. Without the d. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headerselysia-cors/src/index.ts
Line 292 in 41e3465
Additionally the exposedHeader field is checked in order to set the allowed headers:
elysia-cors/src/index.ts
Lines 251 to 252 in 41e3465
The text was updated successfully, but these errors were encountered: