cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

The Hub is now in read-only mode as we make improvements to the Hub experience. More information is available here.

Access-Control-Expose-Headers

jlguenego
Mt. Kenya

I would like to show to my users that they are using the Strava API with limit (100 request per 15 minutes, etc.)

The Strava API has HTTP response header for that : 

X-Ratelimit-Usage and X-Ratelimit-Limit
 
I would like to use them in the HTTP javascript fetch API. But I need the CORS Setting for that: Access-Control-Expose-Headers
 
Thanks if you can add it. 😊
2 REPLIES 2

donkeyKongan
Mt. Kenya

okay, I figured this out. Has to be done on the server side. For security the browser respects cors, makes sense to not expose headers. On a server-side request, you can ignore the directive and get to the headers. I created a endpoint on my server to hit the strava api, then pointed my front end js to my own endpoint. same site doesn't have the cors issue but I just passed them along in the payload rather then adding them to my headers. hopefully that makes sense and helps someone.

donkeyKongan
Mt. Kenya

I have the same issue/ request. How are we supposed to handle rate limiting as suggested in the CORS setting doesn't allow us the view the header that tells the usage?

Ready, Get Set, Go!

Welcome to the Community - here is your guide to help you get started!


Know how to use Community


Understand Community Settings