Does your API definition documentation include that header in the response definition?
If you add it you might find the gateway's CORS policy will include it for you. Gwscript isn't going to work here - the CORS response is defined by the CORS policy but you should be able to get it to do what you need. Check the docs for that policy?
The starting point is making sure you have documented in your API definition that headers like that will be returned.
------------------------------
Chris Dudley
------------------------------
Original Message:
Sent: Mon February 17, 2025 12:31 PM
From: DevOps IBMer
Subject: Add Content-Disposition to access-control-expose-headers
We have SPA and it is not possible to get value from IBM API Connect response header to extract filename from Content-Disposition. Client JS can't extract values if it is not explicitly set in access-control-expose-headers. When I tried to add Gateways script to add Content-Disposition to access-control-expose-headers, it doesn't get reflected. The values below are not appended. Is there a way to add Content-Disposition to the list below ?
access-control-expose-headers:
APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-BurstLimit-Limit, X-BurstLimit-Remaining, X-CountLimit-Limit, X-CountLimit-Remaining, Retry-After, X-Global-Transaction-ID, Location, X-APIC-Debug-OAuth-Error, X-APIC-Debug-OAuth-Error-Desc
Sam