fix(api): add x-ratelimit-scope to cors allowed headers

2026-02-04 04:56:49 +00:00 · 2024-09-27 04:30:00 +09:00 · 2024-09-27 04:30:00 +09:00 · d0f41dd928
commit d0f41dd928
parent 2fbd885855
1 changed files with 1 additions and 1 deletions
--- a/services/api/src/middleware/cors.rs
+++ b/services/api/src/middleware/cors.rs
@ -11,7 +11,7 @@ fn add_cors_headers(headers: &mut HeaderMap) {
    headers.append("Access-Control-Allow-Methods", HeaderValue::from_static("*"));
    headers.append("Access-Control-Allow-Credentials", HeaderValue::from_static("true"));
    headers.append("Access-Control-Allow-Headers", HeaderValue::from_static("Content-Type, Authorization, sentry-trace, User-Agent"));
-    headers.append("Access-Control-Expose-Headers", HeaderValue::from_static("X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset"));
+    headers.append("Access-Control-Expose-Headers", HeaderValue::from_static("X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Scope"));
    headers.append("Access-Control-Max-Age", HeaderValue::from_static("86400"));
 }