From d0f41dd9288a473b3067caf5f6f9be96f89457e8 Mon Sep 17 00:00:00 2001
From: alyssa <alyssa@mailc.net>
Date: Fri, 27 Sep 2024 04:30:00 +0900
Subject: [PATCH] fix(api): add x-ratelimit-scope to cors allowed headers

---
 services/api/src/middleware/cors.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/api/src/middleware/cors.rs b/services/api/src/middleware/cors.rs
index a3c73279..c94b3f6f 100644
--- a/services/api/src/middleware/cors.rs
+++ b/services/api/src/middleware/cors.rs
@@ -11,7 +11,7 @@ fn add_cors_headers(headers: &mut HeaderMap) {
     headers.append("Access-Control-Allow-Methods", HeaderValue::from_static("*"));
     headers.append("Access-Control-Allow-Credentials", HeaderValue::from_static("true"));
     headers.append("Access-Control-Allow-Headers", HeaderValue::from_static("Content-Type, Authorization, sentry-trace, User-Agent"));
-    headers.append("Access-Control-Expose-Headers", HeaderValue::from_static("X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset"));
+    headers.append("Access-Control-Expose-Headers", HeaderValue::from_static("X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-RateLimit-Scope"));
     headers.append("Access-Control-Max-Age", HeaderValue::from_static("86400"));
 }