LimitX

Reputation: 625

Can't access response header (x-auth-token sent by spring session)

I'm using

I did the following to enable SpringSession

application.properties

### Spring Session
spring.session.store-type=jdbc

HttpSessionConfig.java

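import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.session.web.http.HeaderHttpSessionStrategy;
import org.springframework.session.web.http.HttpSessionStrategy;

@Configuration
public class HttpSessionConfig
{
    // Carry the session id in the x-auth-token header instead of a cookie.
    @Bean
    public HttpSessionStrategy httpSessionStrategy() {
        return new HeaderHttpSessionStrategy();
    }
}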

Database tables are being created and everything works fine. Now I want to log in through my API by calling /login. What I don't understand now is, how do I access the x-auth-token sent by Spring Session in the response? In the Chrome dev tools I can clearly see that the x-auth-token is included in the response header.

[Image: Request Response]

But when I try to access the header using Angular's HttpClient I can't even see it.

this.http.post(this.apiBaseURL + "api/session/login", {
    username: username,
    password: password,
    platform: 'webapp',
    platformVersion: '0.1',
    apiLevel: 1
}, { observe: 'response' })
.subscribe(data => {
    console.log(data.headers.keys());
});

Console output:


Upvotes: 0

Views: 2721

Answers (1)

Chandan Kumar Behera

Reputation: 74

This can be resolved by allowing Access-Control-Expose-Headers in the header. x-auth-token is a custom header, which needs to be exposed to the outside world by allowing the above tag. You can use the code below to get this resolved.

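import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.OncePerRequestFilter;

@Configuration
public class WebSecurityCorsFilter extends OncePerRequestFilter {
    @Override
    public void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Let browser JavaScript read the custom x-auth-token response header.
        res.setHeader("Access-Control-Expose-Headers", "x-auth-token");
        chain.doFilter(req, res); // continue the chain so the request is still processed
    }
}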

Upvotes: 3
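
Why the browser hides x-auth-token until the server lists it in Access-Control-Expose-Headers, as an added example that is not part of the original question or answer: a small JavaScript model of the Fetch standard's CORS response-header filtering, assuming the Angular app is served from a different origin than the API. The function name visibleHeaders, the origin https://app.example and the sample header values are constructed for illustration.

```javascript
// Response headers a cross-origin script may always read (Fetch standard).
const CORS_SAFELISTED = new Set([
  'cache-control', 'content-language', 'content-length',
  'content-type', 'expires', 'last-modified', 'pragma',
]);
// Never readable from script, whatever the server exposes.
const FORBIDDEN = new Set(['set-cookie', 'set-cookie2']);

// Returns the sorted, lower-case header names that script can see.
// responseHeaders: headers as sent by the server (hypothetical plain object).
// withCredentials: true if the request used credentials mode "include".
function visibleHeaders(responseHeaders, withCredentials) {
  const headers = new Map(
    Object.entries(responseHeaders).map(([k, v]) => [k.toLowerCase(), v]));
  const exposed = new Set(
    (headers.get('access-control-expose-headers') || '')
      .split(',').map(s => s.trim().toLowerCase()).filter(Boolean));
  // "*" exposes everything only for requests made without credentials;
  // with credentials it is treated as a literal header name "*".
  const wildcard = exposed.has('*') && !withCredentials;
  return [...headers.keys()]
    .filter(name => !FORBIDDEN.has(name))
    .filter(name => wildcard || CORS_SAFELISTED.has(name) || exposed.has(name))
    .sort();
}

// Constructed sample login response (the token value is a placeholder).
const base = {
  'Content-Type': 'application/json',
  'Cache-Control': 'no-store',
  'Access-Control-Allow-Origin': 'https://app.example',
  'x-auth-token': 'PLACEHOLDER-TOKEN',
};
// What the question observed: the token is on the wire but hidden from script.
const withoutExpose = visibleHeaders(base, false);
// What the answer's header achieves: x-auth-token becomes readable.
const withExpose = visibleHeaders(
  { ...base, 'Access-Control-Expose-Headers': 'x-auth-token' }, false);
// Edge case: a wildcard does not help once credentials are sent.
const wildcardWithCreds = visibleHeaders(
  { ...base, 'Access-Control-Expose-Headers': '*' }, true);

console.log(withoutExpose, withExpose, wildcardWithCreds);
```

Listing the header by name, as the answer does, keeps the exposure limited to x-auth-token and keeps working if the client later sends credentials.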
