Expose Labrinth Response Headers via CORS

[IsAvaible]

Is your suggested enhancement related to a problem? Please describe.

Dear Dev Team,

I am the developer of a web-based update checker that heavily relies on the Modrinth API. Some users of my application attempt to update a large number of mods simultaneously (~150+), which frequently triggers rate limiting by the API.

The issue I'm facing is that when the rate limiting occurs, the required CORS headers are not included in the response (as outlined in #874), and the Access-Control-Expose-Headers header is also not set. This makes it difficult to track important information such as the remaining tokens and time until reset from the API's headers.

To mitigate this, I have implemented a client-side method to track these values manually. However, this approach has proven to be inconsistent, resulting in unreliable functionality.

Describe the solution you'd like

To make web-based API wrappers more feasible and improve consistency, could you please include the Access-Control-Expose-Headers header in the API responses? Specifically, exposing the rate-limiting-related headers (e.g., X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) would allow developers like me to reliably manage rate limits on the client side.

Describe alternatives you've considered

No response

Additional context

As seen on the picture, the rate-limiting-related headers are included in the response, but I can't read them in my application due to CORS (only access-control-allow-origin is set).

Thank you for considering this request.

Best Regards
Simon