Http Response headers missing in chrome, but with Postman they show up

By default CORS responses only exposes these 6 headers to scripts:

  • Cache-Control
  • Content-Language
  • Content-Type
  • Expires
  • Last-Modified
  • Pragma

To allow scripts to access other headers sent by the sever, the server needs to send the Access-Control-Expose-Headers Header.

The Access-Control-Expose-Headers response header indicates which headers can be exposed to scripts as part of the response by listing their names.

eg: Access-Control-Expose-Headers: Authorization, X-Foobar

You can tweak your web.xml file including this to allow the Authorization header to be accessed from the script that made the XHR:

<init-param>
  <param-name>cors.exposedHeaders</param-name>
  <par‌​am-value>Authorizati‌​on</param-value>
<ini‌​t-param>

Tags:

Rest

Angular

Recent Posts