XmlHttpRequest getAllResponseHeaders() not returning all the headers

Question

I'm trying to get the response headers from an ajax request but jQuery's getAllResponseHeaders xhr method only displays the "Content-Type" header. Anyone know why?

This is the response header
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:If-Modified-Since, Cache-Control, Content-Type, Keep-Alive, X-Requested-With, Authorization
Access-Control-Allow-Methods:GET, PUT, POST, DELETE, OPTIONS
Access-Control-Allow-Origin:*
Access-Control-Max-Age:1728000
Authorization:apikey="apikey1" AuthenticationToken="62364GJHGJHG"
Connection:keep-alive
Content-Length:240
Content-Type:application/json; charset=utf-8
X-Powered-By:Express

This is the success function

params.success = function (response, textStatus, jqXHR) {
  console.log(jqXHR.getAllResponseHeaders())
}

This is what it logs...
Content-Type: application/json; charset=utf-8

Answer 1

Just ran into this. It's because you're doing a CORS request and you're not exposing the Location header.

You need to add a Access-Control-Expose-Headers to your preflight CORS response in Express:

res.header('Access-Control-Expose-Headers', 'Content-Type, Location');
res.send(200);

That will solve the issue.

Answer 2

according to the following

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers

The Access-Control-Expose-Headers response header indicates which headers can be exposed as part of the response by listing their names.

By default, only the 7 CORS-safelisted response headers are exposed:

Cache-Control
Content-Language
Content-Length
Content-Type
Expires
Last-Modified
Pragma

So this will work perfectly for all headers to be accessible and exposed

res.header('Access-Control-Expose-Headers', '*');