diff --git a/config/application.rb b/config/application.rb
index f9cc1cb543a74ed72cd7bc3a3b7269cfda4f40e3..3ebd4a3bc36c44eb4cc371a69f98c92eae9b193b 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -229,13 +229,15 @@ class Application < Rails::Application
 # Allow access to GitLab API from other domains
 config.middleware.insert_before Warden::Manager, Rack::Cors do
+ headers_to_expose = %w[Link X-Total X-Total-Pages X-Per-Page X-Page X-Next-Page X-Prev-Page X-Gitlab-Blob-Id X-Gitlab-Commit-Id X-Gitlab-Content-Sha256 X-Gitlab-Encoding X-Gitlab-File-Name X-Gitlab-File-Path X-Gitlab-Last-Commit-Id X-Gitlab-Ref X-Gitlab-Size]
+
 allow do
 origins Gitlab.config.gitlab.url
 resource '/api/*',
 credentials: true,
 headers: :any,
 methods: :any,
- expose: %w[Link X-Total X-Total-Pages X-Per-Page X-Page X-Next-Page X-Prev-Page]
+ expose: headers_to_expose
 end
 # Cross-origin requests must not have the session cookie available
@@ -245,7 +247,7 @@ class Application < Rails::Application
 credentials: false,
 headers: :any,
 methods: :any,
- expose: %w[Link X-Total X-Total-Pages X-Per-Page X-Page X-Next-Page X-Prev-Page]
+ expose: headers_to_expose
 end
 end
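Review bot: The `headers_to_expose` assignment in the first hunk now feeds both CORS rules, so the nine `X-Gitlab-*` file-metadata headers become readable by cross-origin scripts under the `credentials: false` rule in the second hunk as well, and nothing in the code records that this is intended. That rule's `origins` line sits between the two hunks and is not visible; if it admits any origin, a comment above the assignment would keep later additions honest, for example `# Readable by cross-origin scripts under both rules below; list only headers that are safe to expose to any origin`. Freezing the literal (`%w[...].freeze`) would also guard against one rule's setup mutating the array the other rule holds, should the middleware ever modify it. The second `allow` block opens outside the hunks, so only its trailing options are reviewed here.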