Luke Puplett February 2016
Microsoft.Owin.Cors doesn't return `Access-Control-Expose-Headers`
Many blog postings out on the web today say that with a WebAPI 2.0 project and OWIN, enabling CORS is easy.
However, I've never seen an
Access-Control-Expose-Headers returned from my API, either in a response to a GET or an OPTIONS preflight.
I've altered my
UseCors setup code to explicitly set a list of header names to expose in the CORS policy.
I haven't the CORS knowledge to assert that
Microsoft.Owin.Cors package is broken, though I have a hunch that it is and that blogger's are only testing primitive APIs.
Asked in February 2016
Viewed 3,824 times
Answered 1 times
Leave an answer
Quote of the day: live life