Access-Control-Expose-Headers: ETag CORS header

[NoUDerp]

While the access-control-allow-origin header is set to all, allowing CORS requests, the ETag header is not visible to client-side Javascript due to the CORS standard: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers

The server must provide an explicit white listing of valid http headers that the client-side Javascript is able to see, and ETag is not one of the default visible headers - it is stripped out by the browser.

I'd like to make use of the ETag header in the prescribed way but have no way of seeing it client-side without this header provided by the server.

The easy solution is adding an additional http header "Access-Control-Expose-Headers: ETag" or "Access-Control-Expose-Headers: *"

[hayden-t]

'the server' is that yours or clapfoots ? i had similar topic with my node js script, i had to set cors origin to my domain with the sse channel library i was using

[NoUDerp]

I have no server, it's a web app. The cross site scripting is enabled, but specifically the ETag not being enabled prevents me from using the cache mechanism (which I can store with localStorage).

[hayden-t]

ah ok

[S0yKaf]

Same issue here. if requests are made to the API on the client side, CORS settings will not show the Etag header. You need to expose this header otherwise client side apps have no way of making use of the Etag feature.

I'm forced to always refresh the full dynamic list every time I check if the map updated. pretty wasteful.