From f9788bc12988636b03ffd3d00da10f8d58a13a37 Mon Sep 17 00:00:00 2001 From: Robert Schilling Date: Thu, 2 Mar 2017 10:14:22 +0100 Subject: [PATCH] CORS: Whitelist pagination headers --- changelogs/unreleased/expose-pagination-headers.yml | 4 ++++ config/application.rb | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 changelogs/unreleased/expose-pagination-headers.yml diff --git a/changelogs/unreleased/expose-pagination-headers.yml b/changelogs/unreleased/expose-pagination-headers.yml new file mode 100644 index 00000000000..1b4cd43fa06 --- /dev/null +++ b/changelogs/unreleased/expose-pagination-headers.yml @@ -0,0 +1,4 @@ +--- +title: 'CORS: Whitelist pagination headers' +merge_request: 9651 +author: Robert Schilling diff --git a/config/application.rb b/config/application.rb index 9088d3c432b..45f3b20d214 100644 --- a/config/application.rb +++ b/config/application.rb @@ -120,7 +120,7 @@ module Gitlab credentials: true, headers: :any, methods: :any, - expose: ['Link'] + expose: ['Link', 'X-Total', 'X-Total-Pages', 'X-Per-Page', 'X-Page', 'X-Next-Page', 'X-Prev-Page'] end # Cross-origin requests must not have the session cookie available @@ -130,7 +130,7 @@ module Gitlab credentials: false, headers: :any, methods: :any, - expose: ['Link'] + expose: ['Link', 'X-Total', 'X-Total-Pages', 'X-Per-Page', 'X-Page', 'X-Next-Page', 'X-Prev-Page'] end end