Specifying telemetry response header yields "Refused to get unsafe header"
luax opened this issue · comments
Hello!
I configured autoInstrument
to include the response header Request-Id
only:
autoInstrument: {
network: true,
log: true,
dom: true,
navigation: true,
connectivity: true,
networkResponseHeaders: ['Request-Id'],
networkResponseBody: false,
networkRequestBody: false,
}
But got this error message in Chrome (Refused to get unsafe header "Request-Id"
):
Setting networkResponseHeaders
to true
does not include Request-Id
either. Potentially related blog post about this error.
Is this indented?
Thank you,
Ludvig
Under CORS security, the HTTP response must include the Access-Control-Expose-Headers
header in its response, and whitelist the specific headers the client is allowed to access. This is implemented and enforced by the browser.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
Thanks @waltjones!