Whenever my Chrome browser makes a request to the REST api server a browser error appears in console saying Refused to get unsafe header "Content-Range". Now I've managed to fix this in my vanilla express server (i.e. without StrongLoop) in two distinct ways:
- manually setting response headers
res.header("Access-Control-Expose-Headers")OR - using the node-cors
allowedHeadersandexposedHeadersoptions (see https://github.com/TroyGoode/node-cors#configuration-options)
Now how can I achieve this in my StrongLoop instance? Official SL documentation only talks about cors.origin and cors.credentials, see http://docs.strongloop.com/display/public/LB/config.json.
Have I missed anything?
UPDATE with the best solution:
// config.json
"cors": {
"origin": true,
"credentials": true,
"allowedHeaders": ["X-Requested-With"],
"exposedHeaders": ["Content-Range"]
},
