fix: Access-Control-Expose-Headers only set on preflight (#84)

`Access-Control-Expose-Headers` should be only the full request, NOT the preflight: > An HTTP response to a CORS request that is not a CORS-preflight request can also include the following header https://fetch.spec.whatwg.org/#http-access-control-expose-headers
graycoreio · Feb 7, 2024 · f2515c8 · f2515c8
1 parent 1e8ec61
commit f2515c8
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/Response/HeaderProvider/CorsExposeHeadersProvider.php b/Response/HeaderProvider/CorsExposeHeadersProvider.php
@@ -57,6 +57,6 @@ public function getValue()
 
     public function canApply(): bool
     {
-        return $this->validator->isPreflightRequest() && $this->validator->originIsValid() && $this->getValue();
+        return !$this->validator->isPreflightRequest() && $this->validator->originIsValid() && $this->getValue();
     }
 }