Anne van Kesteren wrote:
On Tue, 16 Jun 2009 16:18:25 +0200, Web Applications Working Group Issue
Tracker <sysbot+trac...@w3.org> wrote:
In
http://lists.w3.org/Archives/Public/public-webapps/2009AprJun/0967.html
Mark Nottingham comments on the asymmetry of exposing the body of the
response but only a tiny subset of the headers. He argues for
* Expanding this whitelist and
* Giving responses of resources a way to indicate which headers are
ok to expose
or
* Turning it into a blacklist
He indicated he was not satisfied deferring this issue to CORS2 and
considers it a showstopper for CORS1.
To resolve ISSUE-90 I added a new header Access-Control-Expose-Headers
that controls which additional headers are exposed to the API.
http://dev.w3.org/2006/waf/access-control/#http-access-control-expose-headers
fantastic :)!