From f4d467c99892ad713b311595d5807236b37e40fa Mon Sep 17 00:00:00 2001
From: Sven Fuchs <me@svenfuchs.com>
Date: Thu, 11 Oct 2012 13:27:58 +0200
Subject: [PATCH] whitelist Cache-Control, Expires, Last-Modified for cors

---
 lib/travis/api/app/middleware/cors.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/travis/api/app/middleware/cors.rb b/lib/travis/api/app/middleware/cors.rb
index dc98a4e4..5a93b7a3 100644
--- a/lib/travis/api/app/middleware/cors.rb
+++ b/lib/travis/api/app/middleware/cors.rb
@@ -10,12 +10,12 @@ class Travis::Api::App
       before do
         headers['Access-Control-Allow-Origin']      = "*"
         headers['Access-Control-Allow-Credentials'] = "true"
-        headers['Access-Control-Expose-Headers']    = "Content-Type"
+        headers['Access-Control-Expose-Headers']    = "Content-Type, Cache-Control, Expires, Etag, Last-Modified"
       end
 
       options // do
         headers['Access-Control-Allow-Methods'] = "HEAD, GET, POST, PATCH, PUT, DELETE"
-        headers['Access-Control-Allow-Headers'] = "Content-Type, Authorization, Accept"
+        headers['Access-Control-Allow-Headers'] = "Content-Type, Authorization, Accept, If-None-Match, If-Modified-Since"
       end
     end
   end