CORS: Whitelist pagination headersexpose-pagination-headers

author: Robert Schilling <rschilling@student.tugraz.at> 2017-03-02 10:14:22 +0100
committer: Robert Schilling <rschilling@student.tugraz.at> 2017-03-02 10:14:22 +0100
commit: f9788bc12988636b03ffd3d00da10f8d58a13a37 (patch)
tree: 156e0bfda3536cfac7378c6123b72f24a6aa436d
parent: d4154195329b0a823848df8ceae144aebd6ccf6b (diff)
download: gitlab-ce-expose-pagination-headers.tar.gz
2 files changed, 6 insertions, 2 deletions
diff --git a/changelogs/unreleased/expose-pagination-headers.yml b/changelogs/unreleased/expose-pagination-headers.yml
new file mode 100644
index 00000000000..1b4cd43fa06
--- /dev/null
+++ b/changelogs/unreleased/expose-pagination-headers.yml
@@ -0,0 +1,4 @@
+---
+title: 'CORS: Whitelist pagination headers'
+merge_request: 9651
+author: Robert Schilling
diff --git a/config/application.rb b/config/application.rb
index 9088d3c432b..45f3b20d214 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -120,7 +120,7 @@ module Gitlab
           credentials: true,
           headers: :any,
           methods: :any,
-          expose: ['Link']
+          expose: ['Link', 'X-Total', 'X-Total-Pages', 'X-Per-Page', 'X-Page', 'X-Next-Page', 'X-Prev-Page']
       end
 
       # Cross-origin requests must not have the session cookie available
@@ -130,7 +130,7 @@ module Gitlab
           credentials: false,
           headers: :any,
           methods: :any,
-          expose: ['Link']
+          expose: ['Link', 'X-Total', 'X-Total-Pages', 'X-Per-Page', 'X-Page', 'X-Next-Page', 'X-Prev-Page']
       end
     end
author	Robert Schilling <rschilling@student.tugraz.at>	2017-03-02 10:14:22 +0100
committer	Robert Schilling <rschilling@student.tugraz.at>	2017-03-02 10:14:22 +0100
commit	f9788bc12988636b03ffd3d00da10f8d58a13a37 (patch)
tree	156e0bfda3536cfac7378c6123b72f24a6aa436d
parent	d4154195329b0a823848df8ceae144aebd6ccf6b (diff)
download	gitlab-ce-expose-pagination-headers.tar.gz