From 6b54191df91dfc51e5c4c45445ed5c5a922312c2 Mon Sep 17 00:00:00 2001
From: Rob Wu <rob@robwu.nl>
Date: Sun, 5 Oct 2014 16:07:40 +0200
Subject: [PATCH] 0.2.2 - Expose every response header #12

---
 lib/cors-anywhere.js | 10 +++-------
 package.json         |  2 +-
 2 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/lib/cors-anywhere.js b/lib/cors-anywhere.js
index 9846afd..9715204 100644
--- a/lib/cors-anywhere.js
+++ b/lib/cors-anywhere.js
@@ -62,11 +62,7 @@ function withCORS(headers, request) {
     delete request.headers['access-control-request-headers'];
   }
 
-  var exposedHeaders = headers['access-control-expose-headers'] || '';
-  if (!/,\s*location\s*,/i.test(','+exposedHeaders+',')) exposedHeaders += ',location';
-  if (!/,\s*x-request-url\s*,/i.test(','+exposedHeaders+',')) exposedHeaders += ',x-request-url,x-final-url';
-  if (exposedHeaders.charAt(0) === ',') exposedHeaders = exposedHeaders.substr(1);
-  headers['access-control-expose-headers'] = exposedHeaders;
+  headers['access-control-expose-headers'] = Object.keys(headers).join(',');
 
   return headers;
 }
@@ -165,13 +161,13 @@ function onProxyResponse(response, req, res) {
       response.headers['location'] = requestState.proxyBaseUrl + '/' + locationHeader;
     }
   }
-  withCORS(response.headers, req);
 
-  // Don't slip through cookies
+  // Strip cookies
   delete response.headers['set-cookie'];
   delete response.headers['set-cookie2'];
 
   response.headers['x-final-url'] = requestState.location.href;
+  withCORS(response.headers, req);
 }
 
 
diff --git a/package.json b/package.json
index 730b117..f7df47b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "cors-anywhere",
-  "version": "0.2.1",
+  "version": "0.2.2",
   "description": "CORS Anywhere is a reverse proxy which adds CORS headers to the proxied request. Request URL is taken from the path", 
   "license": "MIT",
   "author": "Rob Wu <rob@robwu.nl>",