fix(api): expose x-ratelimit-* headers for browser-based applications

2026-02-10 07:47:53 +00:00 · 2024-05-25 13:06:25 +02:00 · 2024-05-25 13:06:25 +02:00 · 0557d2cd7e
commit 0557d2cd7e
parent 6d49961daf
1 changed files with 1 additions and 0 deletions
--- a/services/api/src/middleware/cors.rs
+++ b/services/api/src/middleware/cors.rs
@ -10,6 +10,7 @@ fn add_cors_headers(headers: &mut HeaderMap) {
    headers.append("Access-Control-Allow-Methods", HeaderValue::from_static("*"));
    headers.append("Access-Control-Allow-Credentials", HeaderValue::from_static("true"));
    headers.append("Access-Control-Allow-Headers", HeaderValue::from_static("Content-Type, Authorization, sentry-trace, User-Agent"));
    headers.append("Access-Control-Expose-Headers", HeaderValue::from_static("X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset"));
    headers.append("Access-Control-Max-Age", HeaderValue::from_static("86400"));
 }