From f9788bc12988636b03ffd3d00da10f8d58a13a37 Mon Sep 17 00:00:00 2001
From: Robert Schilling <rschilling@student.tugraz.at>
Date: Thu, 2 Mar 2017 10:14:22 +0100
Subject: CORS: Whitelist pagination headers

---
 changelogs/unreleased/expose-pagination-headers.yml | 4 ++++
 config/application.rb                               | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/unreleased/expose-pagination-headers.yml

diff --git a/changelogs/unreleased/expose-pagination-headers.yml b/changelogs/unreleased/expose-pagination-headers.yml
new file mode 100644
index 00000000000..1b4cd43fa06
--- /dev/null
+++ b/changelogs/unreleased/expose-pagination-headers.yml
@@ -0,0 +1,4 @@
+---
+title: 'CORS: Whitelist pagination headers'
+merge_request: 9651
+author: Robert Schilling
diff --git a/config/application.rb b/config/application.rb
index 9088d3c432b..45f3b20d214 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -120,7 +120,7 @@ module Gitlab
           credentials: true,
           headers: :any,
           methods: :any,
-          expose: ['Link']
+          expose: ['Link', 'X-Total', 'X-Total-Pages', 'X-Per-Page', 'X-Page', 'X-Next-Page', 'X-Prev-Page']
       end
 
       # Cross-origin requests must not have the session cookie available
@@ -130,7 +130,7 @@ module Gitlab
           credentials: false,
           headers: :any,
           methods: :any,
-          expose: ['Link']
+          expose: ['Link', 'X-Total', 'X-Total-Pages', 'X-Per-Page', 'X-Page', 'X-Next-Page', 'X-Prev-Page']
       end
     end
 
-- 
cgit v1.2.1