Pre-flighted JavaScript requests

PUT request with response exposing a header

Summary

When JavaScript code makes a cross-origin PUT request, the response can optionally expose headers to it.

The Access-Control-Expose-Headers response header must be set on the main request, with a comma-separated list of header names to be exposed.

Instructions

1. Hit green button below
2. Verify response headers contains best-header-ever header
3. Optionally check network requests in Developer Tools (F12)