-
Suggestion
-
Resolution: Unresolved
When you use the fetch() API in the browser, you only get a subset of the response headers because of browser security restrictions known as CORS-safelisted response headers.
By default, only a small set of headers (like Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, and Pragma) are accessible via response.headers.
It would be good to add the names of additional headers to the Access-Control-Expose-Headers header of the preflight request in order for the JavaScript code to access those.
For example the ff:
Retry-After
X-Ratelimit-Limit
X-Ratelimit-Remaining
X-Ratelimit-Reset
A thing to mention: It is not only related to using the fetch API but also to all forge related methods, like "requestJira" from forge bridge.