From e8f78636586aeca15632bcfbf0cae20beb2d66a6 Mon Sep 17 00:00:00 2001
From: Galen Charlton <gmc@esilibrary.com>
Date: Thu, 21 Aug 2014 10:02:14 -0700
Subject: [PATCH] LP#1002028: set Access-Control-Expose-Headers

This allows the OpenSRF JavaScript client library (or
to be precise, one that has been modified to direct
requests at a different domain) to take advantage of CORS
support.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
---
 src/gateway/apachetools.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/gateway/apachetools.c b/src/gateway/apachetools.c
index e7343dd..d3975d3 100644
--- a/src/gateway/apachetools.c
+++ b/src/gateway/apachetools.c
@@ -201,6 +201,7 @@ int crossOriginHeaders(request_rec* r, osrfStringArray* allowedOrigins) {
 	apr_table_set(r->headers_out, "Access-Control-Allow-Origin", origin);
 	apr_table_set(r->headers_out, "Access-Control-Allow-Methods", "POST,OPTIONS");
 	apr_table_set(r->headers_out, "Access-Control-Allow-Headers", OSRF_HTTP_ALL_HEADERS);
+	apr_table_set(r->headers_out, "Access-Control-Expose-Headers", OSRF_HTTP_ALL_HEADERS);
 
 	osrfLogInfo(OSRF_LOG_MARK, "Set cross-origin headers for request from %s", origin);
 
-- 
2.43.2