I took a bit of a look into this, and it seems that Refined is trying to access the X-OAuth-Scopes
header. That is included in the Access-Control-Expose-Headers
header object (so it should be accessible), but looking at the actually available headers in the Response
's Header
object, only a small subset are shown. The header list in the network tab does include the scopes header, but it's lowercased, as x-oauth-scopes
.
Available Headers within the console:
["access-control-allow-origin", "access-control-expose-headers", "cache-control", "content-encoding", "content-security-policy", "content-type", "date", "etag", "referrer-policy", "vary", "x-content-type-options", "x-frame-options", "x-xss-protection"]
This is the value of Access-Control-Expose-Headers
in the network tab:
ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
.