From 2d0f8f35a1879a3e1bfd176659b495dfa0a7db07 Mon Sep 17 00:00:00 2001
From: Michael Tiller <michael.tiller@gmail.com>
Date: Mon, 9 Jan 2023 22:03:55 -0500
Subject: [PATCH] fix: add missing CORS headers

According to [this](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#the_http_response_headers), there are two standard CORS headers
that are missing here, `Access-Control-Expose-Headers` and
`Access-Control-Allow-Credentials`.
---
 context.go | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/context.go b/context.go
index 84ae24e3..e73369e3 100644
--- a/context.go
+++ b/context.go
@@ -19,13 +19,15 @@ import (
 // explicitly being documented. Mostly they are low-level HTTP headers that
 // control access or connection settings.
 var allowedHeaders = map[string]bool{
-	"access-control-allow-origin":  true,
-	"access-control-allow-methods": true,
-	"access-control-allow-headers": true,
-	"access-control-max-age":       true,
-	"connection":                   true,
-	"keep-alive":                   true,
-	"vary":                         true,
+	"access-control-allow-origin":      true,
+	"access-control-expose-headers":    true,
+	"access-control-allow-methods":     true,
+	"access-control-allow-headers":     true,
+	"access-control-allow-credentials": true,
+	"access-control-max-age":           true,
+	"connection":                       true,
+	"keep-alive":                       true,
+	"vary":                             true,
 }
 
 // AddAllowedHeader adds a header to the list of allowed headers for the response.