Almost all headers sent must be put in Access-Control-Expose-Headers: header

[timbl]

After the following HTTP response to a cross-origin request,,

Accept-Patch:application/json, application/sparql-update
Accept-Post:text/turtle, application/json
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:3080
Access-Control-Expose-Headers:User, Location, Link, Vary, Last-Modified, WWW-Authenticate, Content-Length
Access-Control-Max-Age:1728000
Allow:OPTIONS, HEAD, GET, PATCH, POST, PUT, MKCOL, DELETE, COPY, MOVE, LOCK, UNLOCK
Content-Length:125
Content-Type:text/turtle
Date:Mon, 14 Dec 2015 02:44:13 GMT
Etag:"0ef7501076e73af247da041123cdd4cc"
Link:<https://timbl.databox.me/solid/issues/state.ttl,acl>; rel="acl", <https://timbl.databox.me/solid/issues/state.ttl,meta>; rel="meta"
Link:<http://www.w3.org/ns/ldp#Resource>; rel="type"
Ms-Author-Via:DAV, SPARQL
Updates-Via:wss://timbl.databox.me/
User:https://www.w3.org/People/Berners-Lee/card#i

the client JS code was only shown; content-type, User, Link and Content-Length.

Missing included for example:

Accept-Patch, Accept-Post, Allow, and Updates-Via, Ms-Author-Via

Maybe the code to add headers should also add to the Access-Control-Expose-Headers: list or something.