From e2b3761692a74affedf9f4ed602f1fb5880e05ef Mon Sep 17 00:00:00 2001
From: jrojas <jrojas@redlinesolutions.co>
Date: Thu, 18 Jul 2019 19:24:24 -0700
Subject: [PATCH] Add support for Access-Control-Expose-Headers using 'cors'
 configuration.

---
 lib/http-server.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/lib/http-server.js b/lib/http-server.js
index 4cdd1b1c8..c7c8fe20f 100644
--- a/lib/http-server.js
+++ b/lib/http-server.js
@@ -99,12 +99,17 @@ function HttpServer(options) {
   if (options.cors) {
     this.headers['Access-Control-Allow-Origin'] = '*';
     this.headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Range';
+    this.headers['Access-Control-Expose-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Range';
     if (options.corsHeaders) {
       options.corsHeaders.split(/\s*,\s*/)
-          .forEach(function (h) { this.headers['Access-Control-Allow-Headers'] += ', ' + h; }, this);
+          .forEach(function (h) {
+            this.headers['Access-Control-Allow-Headers'] += ', ' + h;
+            this.headers['Access-Control-Expose-Headers'] += ', ' + h;
+          }, this);
     }
     before.push(corser.create(options.corsHeaders ? {
-      requestHeaders: this.headers['Access-Control-Allow-Headers'].split(/\s*,\s*/)
+      requestHeaders: this.headers['Access-Control-Allow-Headers'].split(/\s*,\s*/),
+      responseHeaders: this.headers['Access-Control-Expose-Headers'].split(/\s*,\s*/)
     } : null));
   }