From 8d9b32ddacc681a575045d4da353367b14198cac Mon Sep 17 00:00:00 2001
From: Morlay <morlay.null@gmail.com>
Date: Tue, 23 Jan 2024 15:32:05 +0800
Subject: [PATCH] fix(cors): supported custom ExposeHeadersHeader

---
 .gitignore                  | 3 ++-
 pkg/http/middleware/cors.go | 7 ++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/.gitignore b/.gitignore
index 496ee2c..00741cb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
-.DS_Store
\ No newline at end of file
+.DS_Store
+.idea/
\ No newline at end of file
diff --git a/pkg/http/middleware/cors.go b/pkg/http/middleware/cors.go
index 5b73d2b..de90b21 100644
--- a/pkg/http/middleware/cors.go
+++ b/pkg/http/middleware/cors.go
@@ -31,6 +31,7 @@ func DefaultCORS() func(http.Handler) http.Handler {
 			"Origin",
 			"B3",
 			"WWW-Authenticate",
+			"Location",
 			"X-Requested-With",
 			"X-RateLimit-Limit", // follow https://developer.github.com/v3/rate_limit/
 			"X-RateLimit-Remaining",
@@ -135,7 +136,11 @@ func (ch *cors) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 			w.Header().Set(corsAllowMethodsHeader, method)
 		}
 	} else {
-		if len(ch.exposedHeaders) > 0 {
+		exposedHeaders := ch.exposedHeaders
+		if v := w.Header().Get(corsExposeHeadersHeader); v != "" {
+			exposedHeaders = append(exposedHeaders, strings.SplitN(v, ",", -1)...)
+		}
+		if len(exposedHeaders) > 0 {
 			w.Header().Set(corsExposeHeadersHeader, strings.Join(ch.exposedHeaders, ","))
 		}
 	}