No need to include Content-Type in Access-Control-Expose-Headers, fix #80

Author: michielbdejong

draft-dejong-remotestorage-04.txt

@@ -613,8 +613,7 @@ Internet-Draft              remoteStorage                  December 2014
          Access-Control-Allow-Origin: *
          Access-Control-Allow-Methods: GET
          Access-Control-Allow-Headers: If-Match, If-None-Match
-         Access-Control-Expose-Headers: ETag, Content-Type, Content-Len\
-gth
+         Access-Control-Expose-Headers: ETag, Content-Length
          Content-Type: application/jrd+json
 
          {
@@ -648,14 +647,14 @@ motestorage-04",
     the user's "myfavoritedrinks" scope:
 
         GET /oauth/michiel?redirect_uri=https%3A%2F%2Fdrinks-unhosted.5\
+apps.com%2F&scope=myfavoritedrinks%3Arw&client_id=https%3A%2F%2Fdrinks-\
 
 
 de Jong                                                        [Page 13]
 
 Internet-Draft              remoteStorage                  December 2014
 
 
-apps.com%2F&scope=myfavoritedrinks%3Arw&client_id=https%3A%2F%2Fdrinks-\
 unhosted.5apps.com&response_type=token HTTP/1.1
         Host: 3pp.io
 
@@ -698,14 +697,14 @@ XjzzzHNjkd1CJxoQubA1o%3D&token_type=bearer&state=
 12.4. OPTIONS preflight
 
     When an in-browser application makes a cross-origin request which
+    may affect the server-state, the browser will make a preflight
 
 
 de Jong                                                        [Page 14]
 
 Internet-Draft              remoteStorage                  December 2014
 
 
-    may affect the server-state, the browser will make a preflight
     request first, with the OPTIONS verb, for instance:
 
         OPTIONS /storage/michiel/myfavoritedrinks/ HTTP/1.1
@@ -750,12 +749,12 @@ ntent-Type, Origin, X-Requested-With, If-Match, If-None-Match
 12.6. Subsequent PUT
 
 
+
 de Jong                                                        [Page 15]
 
 Internet-Draft              remoteStorage                  December 2014
 
 
-
     A subsequent PUT may contain an 'If-Match' header referring to the
     ETag previously returned, like this:
 
@@ -798,14 +797,14 @@ e.io/spec/modules/myfavoritedrinks/drink"}
     Or a 200 OK status, plus a response body:
 
         HTTP/1.1 200 OK
+        Access-Control-Allow-Origin: https://drinks-unhosted.5apps.com
 
 
 de Jong                                                        [Page 16]
 
 Internet-Draft              remoteStorage                  December 2014
 
 
-        Access-Control-Allow-Origin: https://drinks-unhosted.5apps.com
         Content-Type: application/json; charset=UTF-8
         Content-Length: 106
         ETag: "1382694048000"
@@ -848,14 +847,14 @@ charset=UTF-8","Content-Length":106}}}
         Referer: https://drinks-unhosted.5apps.com/?
         If-Match: "1382694045000"
 
+    And the server may respond with a 412 Conflict or a 200 OK status:
 
 
 de Jong                                                        [Page 17]
 
 Internet-Draft              remoteStorage                  December 2014
 
 
-    And the server may respond with a 412 Conflict or a 200 OK status:
 
         HTTP/1.1 412 Conflict
         Access-Control-Allow-Origin: https://drinks-unhosted.5apps.com
@@ -898,14 +897,14 @@ Internet-Draft              remoteStorage                  December 2014
     to the root folder, it is not necessary to poll each document for
     changes individually.
 
+    As an example, the root folder may contain 10 directories,
 
 
 de Jong                                                        [Page 18]
 
 Internet-Draft              remoteStorage                  December 2014
 
 
-    As an example, the root folder may contain 10 directories,
     each of which contain 10 directories, which each contain 10
     documents, so their paths would be for instance '/0/0/1', '/0/0/2',
     etcetera. Then one GET request to the root folder '/' will be
@@ -948,14 +947,14 @@ Internet-Draft              remoteStorage                  December 2014
     therefore NOT be used for anything else, and the user SHOULD be
     warned not to visit any web pages on that origin. In particular, the
     OAuth dialog and launch dashboard or token revokation interface
+    SHOULD be on a different origin than the remoteStorage interface.
 
 
 de Jong                                                        [Page 19]
 
 Internet-Draft              remoteStorage                  December 2014
 
 
-    SHOULD be on a different origin than the remoteStorage interface.
 
     Where the use of bearer tokens is impractical, a user may choose to
     store documents on hard-to-guess URLs whose path after
@@ -1000,12 +999,12 @@ Internet-Draft              remoteStorage                  December 2014
         Levels", BCP 14, RFC 2119, March 1997.
 
 
+
 de Jong                                                        [Page 20]
 
 Internet-Draft              remoteStorage                  December 2014
 
 
-
     [IRI]
         Duerst, M., "Internationalized Resource Identifiers (IRIs)",
         RFC 3987, January 2005.
@@ -1048,14 +1047,14 @@ Internet-Draft              remoteStorage                  December 2014
 
     [CORS]
         van Kesteren, Anne (ed), "Cross-Origin Resource Sharing --
+        W3C Candidate Recommendation 29 January 2013",
 
 
 de Jong                                                        [Page 21]
 
 Internet-Draft              remoteStorage                  December 2014
 
 
-        W3C Candidate Recommendation 29 January 2013",
         http://www.w3.org/TR/cors/, January 2013.
 
     [MANIFEST]
@@ -1100,4 +1099,5 @@ Internet-Draft              remoteStorage                  December 2014
 
 
 
+
 de Jong                                                        [Page 22]

source.txt

@@ -529,8 +529,7 @@ g.com HTTP/1.1
          Access-Control-Allow-Origin: *
          Access-Control-Allow-Methods: GET
          Access-Control-Allow-Headers: If-Match, If-None-Match
-         Access-Control-Expose-Headers: ETag, Content-Type, Content-Len\
-gth
+         Access-Control-Expose-Headers: ETag, Content-Length
          Content-Type: application/jrd+json
 
          {