Access-Control-Expose-Headers for pagination with cors_plug

Sardoan · June 29, 2018, 12:47pm

Hi,
I am using scrivener headers in my app and the cors_plug. It seems cors_plug removes the headers generated by scrivener. I am consuming my phoenix api with a javascript client.
I would like to add the headers, so I can use the pagination, but no idea how to add them to the configuration.
I use in my endpoin.ex this configuration: plug CORSPlug, origin: ~r/http:\/\/localhost:3333$|https:\/\/.*\.xxx$/

How can I add the Access-Control-Expose-Headers to my endpoint?
With the jquery ajax call and request.getAllResponseHeaders() I get only the default headers (header spec)

With Postman and Browser the headers are visible.

I am a bit lost.

mnussbaumer · June 29, 2018, 12:50pm

You can add a headers key

I use this on my endpoints

plug CORSPlug, origin: &__MODULE__.cors_preflight/0, max_age: 86400, headers: ["Authorization", "Content-Type", "Accept", "Origin", "User-Agent", "DNT","Cache-Control", "X-Mx-ReqToken", "Keep-Alive", "X-Requested-With", "If-Modified-Since", "Bearer", "X-File-Name"]

I think you need to add all headers there, you can view in the corsplug repository the default headers, copy them and add your own to the list

Sardoan · June 29, 2018, 1:00pm

Checked the defaults before:
headers: ["Authorization", "Content-Type", "Accept", "Origin", "User-Agent", "DNT","Cache-Control", "X-Mx-ReqToken", "Keep-Alive", "X-Requested-With", "If-Modified-Since", "X-CSRF-Token"]
Did not know how to add the link, page… headers from scrivener headers to it, since not mentioned in the docs.
Do I need to add this as new line or add it instead of my code I posted above? If yes, where do I add the allowed origins?

corsplug has inside the default this key: expose: [],. Thought it is meant for Expose-Headers and I could somehow set my headers there.

mnussbaumer · July 6, 2018, 11:25am

You just add them to the plug line, as comma separated key-values. What I posted though is for the preflight to be approved when the client request contains extra headers such as “Bearer” and “X-File-Name”, I imagine the expose_headers would be to allow adding headers to the response

Sardoan · June 29, 2018, 1:24pm

Yes, headers to the response, that is what I want. I use JWT for authentification with bearer, works. My problem is the response, which returns link, page_count… this get filters since it is not allowed as Access-Control-Expose-Headers so I would like to add the headers scrivener header adds to the response. I can see the headers in the browser, but Access-Control-Expose-Headers are empty in the browser, so it seems this blocks javascript from fetching the header keys and values from the response. I use the paging parameters in the get requests as get parameters (?page=1,page_size=20…) This works. But I need to fetch the headers with prev, next, last first, which I can not access atm within javascript, because not exposed in the response.

Sardoan · June 29, 2018, 3:04pm

Thanks,
I changed my code to
plug CORSPlug, origin: ~r/http:\/\/localhost:3333$|https:\/\/.*\.xxx$/, expose: ["link", "page-number", "per-page", "total", "total-pages"]
Now I get the scrivener-header generated headers