This is documentation about a configuration directive, which can be placed within Movable Type’s core configuration file,
mt-config.cgi, to customize the behavior of the system.
DataAPICORSExposeHeaders is used to specify the Access-Control-Expose-Headers header value sent from the Data API end point.
If a customized header from a plug-in is set as the response header value, the user must first get permission to use the header from the external site.
If the request is made from a site that is permitted to use the Data API, set-up using the DataAPICORSAllowOrigin configuration directive, and sends an access request, the specified Access-Control-Expose-Headers header will be returned as part of the REST query response. If any of the previous conditions are not true, the Access-Control-Expose-Headers header will not be sent.
DataAPICORSExposeHeaders X-MT-Authorization, X-Requested-With, X-Some-Request-Value
DataAPICORSExposeHeaders X-MT-Authorization, X-Requested-With