From 5ab7146e191c4160cbecf4c6dec6a0f2ed00e171 Mon Sep 17 00:00:00 2001
From: Shay <hillerys@element.io>
Date: Mon, 20 Mar 2023 11:14:05 -0700
Subject: [PATCH] Add Synapse-Trace-Id to access-control-expose-headers header
 (#14974)

---
 changelog.d/14974.misc | 1 +
 synapse/http/server.py | 4 ++++
 tests/test_server.py   | 4 ++++
 3 files changed, 9 insertions(+)
 create mode 100644 changelog.d/14974.misc

diff --git a/changelog.d/14974.misc b/changelog.d/14974.misc
new file mode 100644
index 000000000..05c5f0144
--- /dev/null
+++ b/changelog.d/14974.misc
@@ -0,0 +1 @@
+Add `Synapse-Trace-Id` to `access-control-expose-headers` header.
diff --git a/synapse/http/server.py b/synapse/http/server.py
index 9314454af..7b760505b 100644
--- a/synapse/http/server.py
+++ b/synapse/http/server.py
@@ -892,6 +892,10 @@ def set_cors_headers(request: SynapseRequest) -> None:
             b"Access-Control-Allow-Headers",
             b"X-Requested-With, Content-Type, Authorization, Date",
         )
+        request.setHeader(
+            b"Access-Control-Expose-Headers",
+            b"Synapse-Trace-Id",
+        )
 
 
 def set_corp_headers(request: Request) -> None:
diff --git a/tests/test_server.py b/tests/test_server.py
index d67d7722a..e266c06a2 100644
--- a/tests/test_server.py
+++ b/tests/test_server.py
@@ -266,6 +266,10 @@ class OptionsResourceTests(unittest.TestCase):
             [b"X-Requested-With, Content-Type, Authorization, Date"],
             "has correct CORS Headers header",
         )
+        self.assertEqual(
+            channel.headers.getRawHeaders(b"Access-Control-Expose-Headers"),
+            [b"Synapse-Trace-Id"],
+        )
 
     def _check_cors_msc3886_headers(self, channel: FakeChannel) -> None:
         # Ensure the correct CORS headers have been added