expose-header

The expose-header entry specifies which headers the reverse proxy returns, if any, in the Access-Control-Expose-Headers header to cross-origin requests.

expose-header = <header-name>

Description

Response headers which clients are allowed to expose. This configuration entry might be specified multiple times to specify multiple headers that can be exposed. This adds the following header to responses to cross-origin requests:

Access-Control-Expose-Headers = <header1>, <header2>, ..., <headerN>

• All specified headers are returned as a comma separated list in a single Access-Control-Expose-Headers header.
• This value is not considered when processing cross-origin requests and this header is only used to advise the client of additional headers it may expose.

Options

header-name

This name of the header which should be added to the Access-Control-Expose-Header header.

Usage: Optional

Default value None

Example:

expose-header = X-IBM-APP-NAME
expose-header = X-IBM-APP-VERSION

Parent topic: [cors-policy:policy-name] stanza