The Cors module supports ExposedHeaders

[hyzx86]

Is your feature request related to a problem? Please describe.

Asynchronous file download scenarios require the api to include the file name in the response header.
Just like attachment; filename="myfile.xlsx";

Because some scenarios may need to generate download files through user submitted data, but this request is a cross-domain request initiated through WebApi.
Then in this case, do we hardcode ContentDisposition for the default policy directly after the user has enabled the Cors module, or provide an option for the user to fill in, just like the Origin property?

Describe the solution you'd like

My recommendation is to configure directly to the default policy

policy.ExposedHeaders.Add(HeaderNames.ContentDisposition);

Describe alternatives you've considered

Providing a drop-down menu or text box for the user to choose from may increase the cost of development and learning.
Or provide a Json version for the user to configure directly

[sebastienros]

Are there any existing APIs in Orchard that generate files and don't set this header?

[hyzx86]

Are there any existing APIs in Orchard that generate files and don't set this header?

Probably not, because most of the current OC is used directly through MVC pages, so they are homologous, this configuration only needs to be configured when cross-domain requests are made.

[hyzx86]

Indeed, it should be implemented in custom code