Setting ExposeHeaders CORS policy for R2

Hi all,

Currently we’re trying to swap S3 with R2 for an application that uses Uppy and AWS S3 Multipart uploading. This setup requires a correct CORS policy, including the configuration of ExposeHeaders. I was able to successfully setup most of the CORS policy using either the S3Client Node.js package or by simply using Postman.

The problem I’m running into however is that it doesn’t seem to be possible to set ExposeHeaders.

Example code

The following code executes without any errors:

 const response = await s3Client.send(
        new PutBucketCorsCommand({
            Bucket: process.env.BUCKET_NAME,
            CORSConfiguration: {
                CORSRules: new Array({
                    AllowedHeaders: ["content-type"],
                    AllowedMethods: ["PUT"],
                    AllowedOrigins: ["*"],
                    ExposeHeaders:  ["ETag"],
                    MaxAgeSeconds: 3000,

Making a direct PUT request to https://{{BUCKET}}.{{ACCOUNT}} using Postman also works:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="">


Both seem to correctly set AllowedHeaders, AllowedMethods and AllowedOrigin, but ExposeHeaders will remain undefined in both cases.

Am I missing something here, or is setting the ExposeHeader value simply not supported at the moment?