API Connect

API Connect

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

Add Content-Disposition to access-control-expose-headers

  • 1.  Add Content-Disposition to access-control-expose-headers

    Posted Mon February 17, 2025 01:40 PM
    Edited by DevOps IBMer Tue February 18, 2025 12:09 AM

    We have SPA and it is not possible to get value from IBM API Connect response header to extract filename from Content-Disposition. Client JS can't extract values if it is not explicitly set in access-control-expose-headers. When I tried to add Gateways script to add Content-Disposition to access-control-expose-headers, it doesn't get reflected. The values below are not appended. Is there a way to add Content-Disposition to the list below ?

     

    access-control-expose-headers:

    APIm-Debug-Trans-Id, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset, X-BurstLimit-Limit, X-BurstLimit-Remaining, X-CountLimit-Limit, X-CountLimit-Remaining, Retry-After, X-Global-Transaction-ID, Location, X-APIC-Debug-OAuth-Error, X-APIC-Debug-OAuth-Error-Desc

     

     

    Sam



  • 2.  RE: Add Content-Disposition to access-control-expose-headers

    Posted Tue February 18, 2025 03:47 AM

    Does your API definition documentation include that header in the response definition?

    If you add it you might find the gateway's CORS policy will include it for you. Gwscript isn't going to work here - the CORS response is defined by the CORS policy but you should be able to get it to do what you need. Check the docs for that policy?

    The starting point is making sure you have documented in your API definition that headers like that will be returned.



    ------------------------------
    Chris Dudley
    ------------------------------

    Original Message