'CORS: Browser not expsoing `location` header even though it's allowed in the `Access-Control-Allow-Headers`

I've been doing some work to configure CORS on my API server to restrict access. I'm currently serving the following headers for Access-Control-Allow-Headers from the options preflight.

access-control-allow-headers: location,x-correlation-id,content-range,authorization,accept,content-type,origin

Full OPTIONS preflight response: enter image description here

However, when doing a POST where it returns a 201 response, the location header is not visible in my Axios response object in javascript. This appears to be caused by the browser rejecting the location header based on the CORS policy. I'm not sure what I'm missing that would allow the location header to pass-through to the browser.

POST Response enter image description here

console.log of the response object in code. enter image description here

javascriptbrowsercors


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

React Router with optional path parameter

How to dynamically update google recaptcha sitekey?

How to dynamically update google recaptcha sitekey?

Remove duplicate in a string - javascript

Remove duplicate in a string - javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Searching a string for missing letters of the alphabet in javascript

Find an element in DOM based on an attribute value

Redirecting html page with javascript

Find an element in DOM based on an attribute value

Find an element in DOM based on an attribute value

Redirecting html page with javascript

How to find x and y coordinates of a button while using keyboard navigation?

How to find x and y coordinates of a button while using keyboard navigation?