Merge branch 'expose-pagination-headers' into 'master'

CORS: Whitelist pagination headers

Closes #28405

See merge request !9651

2 files changed, 6 insertions, 2 deletions

diff --git a/changelogs/unreleased/expose-pagination-headers.yml b/changelogs/unreleased/expose-pagination-headers.yml
new file mode 100644
index 00000000000..1b4cd43fa06
--- /dev/null
+++ b/changelogs/unreleased/expose-pagination-headers.yml
@@ -0,0 +1,4 @@
+---
+title: 'CORS: Whitelist pagination headers'
+merge_request: 9651
+author: Robert Schilling
diff --git a/config/application.rb b/config/application.rb
index 9088d3c432b..45f3b20d214 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -120,7 +120,7 @@ module Gitlab
           credentials: true,
           headers: :any,
           methods: :any,
-          expose: ['Link']
+          expose: ['Link', 'X-Total', 'X-Total-Pages', 'X-Per-Page', 'X-Page', 'X-Next-Page', 'X-Prev-Page']
       end
 
       # Cross-origin requests must not have the session cookie available
@@ -130,7 +130,7 @@ module Gitlab
           credentials: false,
           headers: :any,
           methods: :any,
-          expose: ['Link']
+          expose: ['Link', 'X-Total', 'X-Total-Pages', 'X-Per-Page', 'X-Page', 'X-Next-Page', 'X-Prev-Page']
       end
     end