Access-Control-Expose-Headers: X-Auth-Token

import org.apache.cxf.rs.security.cors.CrossOriginResourceSharingFilter;
...
	@Bean
	public CrossOriginResourceSharingFilter crossOriginResourceSharingFilter() {
		final CrossOriginResourceSharingFilter corsf = new CrossOriginResourceSharingFilter();
		final List<String> exposeHeaders = new ArrayList<>(corsf.getExposeHeaders());
		exposeHeaders.add("X-Auth-Token");
		log.debug("exposeHeaders: {}", String.join(", ", exposeHeaders));
		corsf.setExposeHeaders(exposeHeaders);
		return corsf;
	}
...

See also:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Access-Control-Expose-Headers
http://cxf.apache.org/docs/jax-rs-cors.html

Advertisements

#apache-cxf, #cors, #java, #jax-rs, #spring-boot, #spring-session