#### 分析

Cross-Origin Resource Sharing 标准可知，默认的情况下，ETag 是会被屏蔽的，所以需要在 server 端设置 Access-Control-Expose-Headers headers

#### 7.1.1 Handling a Response to a Cross-Origin Request

User agents must filter out all response headers other than those that are a simple response header or of which the field name is an ASCII case-insensitive match for one of the values of the Access-Control-Expose-Headers headers (if any), before exposing response headers to APIs defined in CORS API specifications.
Note: The getResponseHeader() method of XMLHttpRequest will therefore not expose any header not indicated above.