Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

expose header is empty

See original GitHub issue

Given those details:

ruby 2.4.0 rails: 5.2.1 rack-cors: 1.0.2 and 1.0.3

active_model_serializers: 0.10.7 api-pagination: 4.8.2 pagy: 3.2.1

config/initializers/cors.rb

Rails.application.config.middleware.insert_before 0, Rack::Cors, debug: true do
    allow do
    origins '*' # TODO remember to update this
    resource '*',
      headers: :any,
      expose: ['Per-Page', 'Total', 'Link', 'ETag'],
      methods: [:get, :post, :put, :patch, :delete, :options, :head]
  end
end

bundle exec rake middleware

use Rack::Cors
use Rack::Cors
use Rack::Sendfile
use ActionDispatch::Static
use ActionDispatch::Executor
use ActiveSupport::Cache::Strategy::LocalCache::Middleware
use Rack::Runtime
use ActionDispatch::RequestId
use ActionDispatch::RemoteIp
use Rails::Rack::Logger
use ActionDispatch::ShowExceptions
use ActionDispatch::DebugExceptions
use ActionDispatch::Reloader
use ActionDispatch::Callbacks
use ActiveRecord::Migration::CheckPending
use Rack::Head
use Rack::ConditionalGet
use Rack::ETag
run StarterProjectApi::Application.routes

The headers for expose are blank.

What I see is two calls to use Rack::Cors. Debugging the gem, I found that when the self.expos is informed, the first time that it does, it fills correct, but at the same time is called, it’s empty.

lib/rack/cors.rb (gem)
row 353: self.expose = opts[:expose] ? [opts[:expose]].flatten : nil

The first iteration is informed, I can see the expose details, but at the next iteration, they are gone. I say two iterations from the same connection, there is only ONE connection, but two iterations.

What can be the error of the two consequent calls of it?

But, if I use this code, the expose headers are exposed, but with other problems:

Rails.application.config.middleware.use Rack::Cors do
    allow do
    origins '*'
    resource '*',
      headers: :any,
      expose: ['Per-Page', 'Total', 'Link', 'ETag'],
      methods: [:get, :post, :put, :patch, :delete, :options, :head]
  end
end

bundle exec rake middleware

use Rack::Cors
use Rack::Sendfile
use ActionDispatch::Static
use ActionDispatch::Executor
use ActiveSupport::Cache::Strategy::LocalCache::Middleware
use Rack::Runtime
use ActionDispatch::RequestId
use ActionDispatch::RemoteIp
use Rails::Rack::Logger
use ActionDispatch::ShowExceptions
use ActionDispatch::DebugExceptions
use ActionDispatch::Reloader
use ActionDispatch::Callbacks
use ActiveRecord::Migration::CheckPending
use Rack::Head
use Rack::ConditionalGet
use Rack::ETag
use Rack::Cors

This is what I get in Chrome Network Inspector

The debug mode adds de X-Rack-CORS-… and I can see there my expose headers. Even the allow-methods are different

Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: 
Access-Control-Max-Age: 1728000
Cache-Control: max-age=0, private, must-revalidate
Content-Type: application/vnd.api+json; charset=utf-8
ETag: W/"276e5bd150f2ad894c30a5f23d13b13c"
Link: <http://localhost:3000/api/v1/posts?filter%5Btags%5D=ocean&page=21>; rel="last", <http://localhost:3000/api/v1/posts?filter%5Btags%5D=ocean&page=2>; rel="next"
Per-Page: 10
Total: 204
Transfer-Encoding: chunked
Vary: Origin
X-Rack-CORS: hit
X-Rack-CORS-Original-Access-Control-Allow-Methods: GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD
X-Rack-CORS-Original-Access-Control-Allow-Origin: *
X-Rack-CORS-Original-Access-Control-Expose-Headers: Per-Page, Total, Link, ETag
X-Rack-CORS-Original-Access-Control-Max-Age: 1728000
X-Request-Id: e97aba03-f730-4f5c-90d0-ca92c70047c5
X-Runtime: 0.171081

Issue Analytics

State:
Created 4 years ago
Reactions:1
Comments:5 (2 by maintainers)

Top GitHub Comments

2reactions

cyucommented, Nov 20, 2019

@mongeta My guess is that you have another instance of Rack::Cors somewhere. I’m not sure how that would cause these issues, but I would try to clear that up first. Perhaps it is also defined in config.ru or application.rb?

0reactions

cyucommented, May 22, 2020

Closing this issue. @raimon-kantox If you’re still having this issue, please feel free to re-open (with more information of course).

Top Results From Across the Web

Access-Control-Expose-Headers - HTTP - MDN Web Docs

The Access-Control-Expose-Headers response header allows a server to indicate which response headers should be made available to scripts ...

How to get Response Headers when response is empty?

1 Answer 1 · I'm still getting null const httpOptions = { headers: new HttpHeaders({ 'Content-Type': 'application/json' } .append('Access-Control ...

Cross-Origin Resource Sharing

If the list of exposed headers is not empty add one or more Access-Control-Expose-Headers headers, with as values the header field names ...

ASP.NET Core 3, IIS and empty HTTP headers

HTTP headers are key/value pairs sent at the beginning of a request or ... An empty header is valid according to the HTTP...

HTTP header manipulation — envoy 1.25.0-dev-23eacb ...

For example, the following configuration uses %RESPONSE_CODE% operator to modify request headers using code from the response. The output is an empty string, ......