From a5c372c37c269904e1e6cad5d53d2a3a543779a2 Mon Sep 17 00:00:00 2001
From: Ruben Verborgh <ruben@verborgh.org>
Date: Sun, 27 Dec 2020 15:15:55 +0100
Subject: [PATCH] fix: Expose Location header via CORS.

Fixes https://github.com/solid/community-server/issues/441
---
 config/presets/middleware.json      | 1 +
 test/integration/Middleware.test.ts | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/config/presets/middleware.json b/config/presets/middleware.json
index 134a37874..380d0e8fe 100644
--- a/config/presets/middleware.json
+++ b/config/presets/middleware.json
@@ -17,6 +17,7 @@
             "DELETE"
           ],
           "CorsHandler:_options_exposedHeaders": [
+            "Location",
             "Updates-Via"
           ]
         },
diff --git a/test/integration/Middleware.test.ts b/test/integration/Middleware.test.ts
index 660040a0a..93a85e137 100644
--- a/test/integration/Middleware.test.ts
+++ b/test/integration/Middleware.test.ts
@@ -11,7 +11,7 @@ const port = 6002;
 
 class SimpleHttpHandler extends HttpHandler {
   public async handle(input: { request: HttpRequest; response: HttpResponse }): Promise<void> {
-    input.response.writeHead(200);
+    input.response.writeHead(200, { location: '/' });
     input.response.end('Hello World');
   }
 }
@@ -65,6 +65,12 @@ describe('An Express server with middleware', (): void => {
     expect(res.header).toEqual(expect.objectContaining({ 'access-control-allow-origin': 'test.com' }));
   });
 
+  it('exposes the Location header via CORS.', async(): Promise<void> => {
+    const res = await request(server).get('/').expect(200);
+    const exposed = res.header['access-control-expose-headers'];
+    expect(exposed.split(/\s*,\s*/u)).toContain('Location');
+  });
+
   it('sends incoming requests to the handler.', async(): Promise<void> => {
     const response = request(server).get('/').set('Host', 'test.com');
     expect(response).toBeDefined();