Access-Control-Expose-Headers for pagination with cors_plug

I am using scrivener headers in my app and the cors_plug. It seems cors_plug removes the headers generated by scrivener. I am consuming my phoenix api with a javascript client.
I would like to add the headers, so I can use the pagination, but no idea how to add them to the configuration.
I use in my endpoin.ex this configuration: plug CORSPlug, origin: ~r/http:\/\/localhost:3333$|https:\/\/.*\.xxx$/

How can I add the Access-Control-Expose-Headers to my endpoint?
With the jquery ajax call and request.getAllResponseHeaders() I get only the default headers (header spec)

With Postman and Browser the headers are visible.

I am a bit lost.

You can add a headers key

I use this on my endpoints

plug CORSPlug, origin: &__MODULE__.cors_preflight/0, max_age: 86400, headers: ["Authorization", "Content-Type", "Accept", "Origin", "User-Agent", "DNT","Cache-Control", "X-Mx-ReqToken", "Keep-Alive", "X-Requested-With", "If-Modified-Since", "Bearer", "X-File-Name"]

I think you need to add all headers there, you can view in the corsplug repository the default headers, copy them and add your own to the list

Checked the defaults before:
headers: ["Authorization", "Content-Type", "Accept", "Origin", "User-Agent", "DNT","Cache-Control", "X-Mx-ReqToken", "Keep-Alive", "X-Requested-With", "If-Modified-Since", "X-CSRF-Token"]
Did not know how to add the link, page… headers from scrivener headers to it, since not mentioned in the docs.
Do I need to add this as new line or add it instead of my code I posted above? If yes, where do I add the allowed origins?

corsplug has inside the default this key: expose: [],. Thought it is meant for Expose-Headers and I could somehow set my headers there.

You just add them to the plug line, as comma separated key-values. What I posted though is for the preflight to be approved when the client request contains extra headers such as “Bearer” and “X-File-Name”, I imagine the expose_headers would be to allow adding headers to the response

Yes, headers to the response, that is what I want. I use JWT for authentification with bearer, works. My problem is the response, which returns link, page_count… this get filters since it is not allowed as Access-Control-Expose-Headers so I would like to add the headers scrivener header adds to the response. I can see the headers in the browser, but Access-Control-Expose-Headers are empty in the browser, so it seems this blocks javascript from fetching the header keys and values from the response. I use the paging parameters in the get requests as get parameters (?page=1,page_size=20…) This works. But I need to fetch the headers with prev, next, last first, which I can not access atm within javascript, because not exposed in the response.

I changed my code to
plug CORSPlug, origin: ~r/http:\/\/localhost:3333$|https:\/\/.*\.xxx$/, expose: ["link", "page-number", "per-page", "total", "total-pages"]
Now I get the scrivener-header generated headers :slight_smile: