Expose additional headers to JavaScript via Access-Control-Expose-Headers #398
Description
The Fetch API only exposes "simple/safe" headers to JavaScript by default. Custom headers like x-ratelimit-, x-venice-, x-cashu are filtered out even though they're visible in the Network tab.
To expose additional headers to JavaScript, the server must include them in the Access-Control-Expose-Headers response header. Currently the server only exposes:
Problem
If the client needs x-cashu accessible, the server needs to add it:
Solution
Add the following headers to the Access-Control-Expose-Headers:
- x-cashu
- x-ratelimit-* headers (if applicable)
- x-venice-* headers (if applicable)
This will allow JavaScript to access these headers via the Response object in Fetch API calls.