Whenever my Chrome browser makes a request to the REST api server a browser error appears in console saying Refused to get unsafe header "Content-Range". Now I've managed to fix this in my vanilla express server (i.e. without StrongLoop) in two distinct ways:
res.header("Access-Control-Expose-Headers") ORallowedHeaders and exposedHeaders options (see https://github.com/TroyGoode/node-cors#configuration-options)Now how can I achieve this in my StrongLoop instance? Official SL documentation only talks about cors.origin and cors.credentials, see http://docs.strongloop.com/display/public/LB/config.json.
Have I missed anything?
UPDATE with the best solution:
// config.json
"cors": {
"origin": true,
"credentials": true,
"allowedHeaders": ["X-Requested-With"],
"exposedHeaders": ["Content-Range"]
},
We use node-cors behind the scene. The cors options configured in config.json will be passed to node-cors. Can you try that?