diff --git a/changelog.d/14974.misc b/changelog.d/14974.misc new file mode 100644 index 000000000000..05c5f0144427 --- /dev/null +++ b/changelog.d/14974.misc @@ -0,0 +1 @@ +Add `Synapse-Trace-Id` to `access-control-expose-headers` header. diff --git a/synapse/http/server.py b/synapse/http/server.py index 9314454af106..7b760505b25a 100644 --- a/synapse/http/server.py +++ b/synapse/http/server.py @@ -892,6 +892,10 @@ def set_cors_headers(request: SynapseRequest) -> None: b"Access-Control-Allow-Headers", b"X-Requested-With, Content-Type, Authorization, Date", ) + request.setHeader( + b"Access-Control-Expose-Headers", + b"Synapse-Trace-Id", + ) def set_corp_headers(request: Request) -> None: diff --git a/tests/test_server.py b/tests/test_server.py index d67d7722a485..e266c06a2cbf 100644 --- a/tests/test_server.py +++ b/tests/test_server.py @@ -266,6 +266,10 @@ def _check_cors_standard_headers(self, channel: FakeChannel) -> None: [b"X-Requested-With, Content-Type, Authorization, Date"], "has correct CORS Headers header", ) + self.assertEqual( + channel.headers.getRawHeaders(b"Access-Control-Expose-Headers"), + [b"Synapse-Trace-Id"], + ) def _check_cors_msc3886_headers(self, channel: FakeChannel) -> None: # Ensure the correct CORS headers have been added