# HG changeset patch
# User Goffi <goffi@goffi.org>
# Date 1597516087 -7200
# Node ID 2ad14b8347309a83f77964d3cc5431cc6eb87f8e
# Parent  c560aae54f5fed7424d64d679b35c5a3162d0eb4
component file sharing: added `Access-Control-Expose-Headers` CORS header:

without this header, the range header in response was not exposed to client. This could
cause trouble is a javascript application was needing to access it.

diff -r c560aae54f5f -r 2ad14b834730 sat/plugins/plugin_comp_file_sharing.py
--- a/sat/plugins/plugin_comp_file_sharing.py	Thu Aug 13 23:46:18 2020 +0200
+++ b/sat/plugins/plugin_comp_file_sharing.py	Sat Aug 15 20:28:07 2020 +0200
@@ -115,8 +115,15 @@
     def render(self, request):
         request.setHeader("Access-Control-Allow-Origin", "*")
         request.setHeader("Access-Control-Allow-Methods", "OPTIONS, HEAD, GET, PUT")
-        request.setHeader("Access-Control-Allow-Headers", "Content-Type, Xmpp-File-Path, Xmpp-File-No-Http")
+        request.setHeader(
+            "Access-Control-Allow-Headers",
+            "Content-Type, Range, Xmpp-File-Path, Xmpp-File-No-Http")
         request.setHeader("Access-Control-Allow-Credentials", "true")
+        request.setHeader("Accept-Ranges", "bytes")
+
+        request.setHeader(
+            "Access-Control-Expose-Headers",
+            "Date, Content-Length, Content-Range")
         return super().render(request)
 
     def render_OPTIONS(self, request):