=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java	2014-12-30 22:33:23 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/filter/CorsFilter.java	2014-12-30 22:48:33 +0000
@@ -68,6 +68,8 @@
 
     private static final String ALLOWED_HEADERS = "Accept, Content-Type, Authorization, X-Requested-With";
 
+    private static final String EXPOSED_HEADERS = "ETag";
+
     private static final Integer MAX_AGE = 60 * 60; // 1hr max-age
 
     @Override
@@ -81,6 +83,7 @@
 
         response.addHeader( CORS_ALLOW_CREDENTIALS, "true" );
         response.addHeader( CORS_ALLOW_ORIGIN, origin );
+        response.addHeader( CORS_EXPOSE_HEADERS, EXPOSED_HEADERS );
 
         if ( isPreflight( request ) )
         {