11 місяців тому · 131f0d5545
--- a/docs/guides/migration-guides.md
+++ b/docs/guides/migration-guides.md
@@ -21,6 +21,9 @@ These cover all the major Uppy versions and how to migrate to them.
 
				 - The Companion [`error` event](https://uppy.io/docs/companion/#events) now no
			
 
				   longer includes `extraData` inside the `payload.error` property. `extraData`
			
 
				   is (and was also before) included in the `payload`.
			
 
				+- `access-control-allow-headers` is no longer included in
			
 
				+  `Access-Control-Expose-Headers`, and `uppy-versions` is no longer an allowed
			
 
				+  header. We are not aware of any issues this might cause.
			
 
				 
			
 
				 ### `@uppy/companion-client`
			
 
				 
			
--- a/packages/@uppy/companion/src/server/middlewares.js
+++ b/packages/@uppy/companion/src/server/middlewares.js
@@ -133,14 +133,11 @@ exports.cors = (options = {}) => (req, res, next) => {
 
				   const existingExposeHeaders = res.get('Access-Control-Expose-Headers')
			
 
				   const exposeHeadersSet = new Set(existingExposeHeaders?.split(',')?.map((method) => method.trim().toLowerCase()))
			
 
				 
			
 
				-  // exposed so it can be accessed for our custom uppy client preflight
			
 
				-  exposeHeadersSet.add('access-control-allow-headers') // todo remove in next major, see https://github.com/transloadit/uppy/pull/4462
			
 
				   if (options.sendSelfEndpoint) exposeHeadersSet.add('i-am')
			
 
				 
			
 
				   // Needed for basic operation: https://github.com/transloadit/uppy/issues/3021
			
 
				   const allowedHeaders = [
			
 
				     'uppy-auth-token',
			
 
				-    'uppy-versions', // todo remove in the future? see https://github.com/transloadit/uppy/pull/4462
			
 
				     'uppy-credentials-params',
			
 
				     'authorization',
			
 
				     'origin',
			
--- a/packages/@uppy/companion/test/__tests__/cors.js
+++ b/packages/@uppy/companion/test/__tests__/cors.js
@@ -39,8 +39,8 @@ describe('cors', () => {
 
				       ['Vary', 'Origin'],
			
 
				       ['Access-Control-Allow-Credentials', 'true'],
			
 
				       ['Access-Control-Allow-Methods', 'PATCH,OPTIONS,POST,GET,DELETE'],
			
 
				-      ['Access-Control-Allow-Headers', 'test-allow-header,uppy-auth-token,uppy-versions,uppy-credentials-params,authorization,origin,content-type,accept'],
			
 
				-      ['Access-Control-Expose-Headers', 'test,access-control-allow-headers,i-am'],
			
 
				+      ['Access-Control-Allow-Headers', 'test-allow-header,uppy-auth-token,uppy-credentials-params,authorization,origin,content-type,accept'],
			
 
				+      ['Access-Control-Expose-Headers', 'test,i-am'],
			
 
				       ['Content-Length', '0'],
			
 
				     ])
			
 
				     // expect(next).toHaveBeenCalled()
			
@@ -53,8 +53,7 @@ describe('cors', () => {
 
				       ['Vary', 'Origin'],
			
 
				       ['Access-Control-Allow-Credentials', 'true'],
			
 
				       ['Access-Control-Allow-Methods', 'GET,POST,OPTIONS,DELETE'],
			
 
				-      ['Access-Control-Allow-Headers', 'uppy-auth-token,uppy-versions,uppy-credentials-params,authorization,origin,content-type,accept'],
			
 
				-      ['Access-Control-Expose-Headers', 'access-control-allow-headers'],
			
 
				+      ['Access-Control-Allow-Headers', 'uppy-auth-token,uppy-credentials-params,authorization,origin,content-type,accept'],
			
 
				       ['Content-Length', '0'],
			
 
				     ])
			
 
				   })
			
@@ -70,8 +69,7 @@ describe('cors', () => {
 
				       ['Vary', 'Origin'],
			
 
				       ['Access-Control-Allow-Credentials', 'true'],
			
 
				       ['Access-Control-Allow-Methods', 'GET,POST,OPTIONS,DELETE'],
			
 
				-      ['Access-Control-Allow-Headers', 'uppy-auth-token,uppy-versions,uppy-credentials-params,authorization,origin,content-type,accept'],
			
 
				-      ['Access-Control-Expose-Headers', 'access-control-allow-headers'],
			
 
				+      ['Access-Control-Allow-Headers', 'uppy-auth-token,uppy-credentials-params,authorization,origin,content-type,accept'],
			
 
				       ['Content-Length', '0'],
			
 
				     ])
			
 
				   })
			
@@ -83,8 +81,7 @@ describe('cors', () => {
 
				       ['Vary', 'Origin'],
			
 
				       ['Access-Control-Allow-Credentials', 'true'],
			
 
				       ['Access-Control-Allow-Methods', 'GET,POST,OPTIONS,DELETE'],
			
 
				-      ['Access-Control-Allow-Headers', 'uppy-auth-token,uppy-versions,uppy-credentials-params,authorization,origin,content-type,accept'],
			
 
				-      ['Access-Control-Expose-Headers', 'access-control-allow-headers'],
			
 
				+      ['Access-Control-Allow-Headers', 'uppy-auth-token,uppy-credentials-params,authorization,origin,content-type,accept'],
			
 
				       ['Content-Length', '0'],
			
 
				     ])
			
 
				   })