
ArangoDB: Foxx session middleware conflicts with CORS


I'm having a bit of a problem getting a Foxx microservice inside ArangoDB 3.0.4 with authentication to run. The Foxx microservice uses the session middleware to handle authentication. It does that by storing a JWT inside the X-Session-Id header (this shouldn't be specific to using JWTs).

That works fine as long as the client request doesn't include an Origin header. But as soon as this happens (I'm using Cordova and AngularJS's $http client-side, so I can't prevent it), ArangoDB sets all the Access-Control-* headers (if I set them manually, they get overridden). In principle it does this correctly, but the Access-Control-Expose-Headers header doesn't contain X-Session-Id. That means I can't retrieve the JWT on the client side.

How can I fix this issue? I've thought of adding the JWT to the payload on every response, but that doesn't sound nice to me at all. Is there any way to configure ArangoDB to include X-Session-Id in the Access-Control-Expose-Headers header?

Thanks in advance for any help on this.


Solution

  • Just ran into the same issue. There is now a fix that should be released shortly: https://github.com/arangodb/arangodb/issues/2159
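
The browser-side rule behind this question, as an added example that is not part of the original posts or ArangoDB's code: a model of the Fetch-standard filtering that decides which headers of a cross-origin response a script may read. The origin, the header values and the helper names `parseExposeList` and `visibleHeaders` are constructed for illustration.

```javascript
// Response headers a script can always read on a CORS response (Fetch standard).
const SAFELISTED = new Set([
  "cache-control", "content-language", "content-length",
  "content-type", "expires", "last-modified", "pragma",
]);
// Never readable from script, whatever the server exposes.
const FORBIDDEN = new Set(["set-cookie", "set-cookie2"]);

// Hypothetical helper: split Access-Control-Expose-Headers into lowercase names.
function parseExposeList(value) {
  return (value || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
}

// Hypothetical helper: return the subset of response headers visible to script.
// `credentials` is true when the request was sent with credentials included.
function visibleHeaders(responseHeaders, { credentials = false } = {}) {
  const headers = {};
  for (const [k, v] of Object.entries(responseHeaders)) headers[k.toLowerCase()] = v;

  const exposed = parseExposeList(headers["access-control-expose-headers"]);
  // "*" exposes everything only for requests made without credentials;
  // with credentials it is treated as a literal header name.
  const wildcard = !credentials && exposed.includes("*");
  const allow = new Set([...SAFELISTED, ...exposed]);

  const visible = {};
  for (const [name, value] of Object.entries(headers)) {
    if (FORBIDDEN.has(name)) continue;
    if (wildcard || allow.has(name)) visible[name] = value;
  }
  return visible;
}

// Constructed sample responses: the expose list first lacks, then includes, X-Session-Id.
const before = {
  "Content-Type": "application/json",
  "Access-Control-Allow-Origin": "https://app.example",
  "Access-Control-Expose-Headers": "etag, content-encoding",
  "X-Session-Id": "<constructed-jwt-placeholder>",
};
const after = {
  ...before,
  "Access-Control-Expose-Headers": "etag, content-encoding, x-session-id",
};

console.log(Object.keys(visibleHeaders(before)));
console.log(Object.keys(visibleHeaders(after)));
```

The header still arrives over the wire in both cases; only the script's view of it changes, which is why the session token is readable for same-origin requests and not once an Origin header triggers CORS handling.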