Get a specific response header (e.g., Content-Disposition) in Angular from an ASP.NET Web API 2 response for a cross-origin http.get request

In the fileController.cs file, along with setting the Content-Type and Content-Disposition response headers, you need to set Access-Control-Expose-Headers:

result.Content.Headers.Add("Access-Control-Expose-Headers", "Content-Disposition");

Note that while the Fetch spec does actually allow "*" as the value of Access-Control-Expose-Headers (though that’s not very clear from reading the current spec text…) — browsers don’t yet conform to the spec on that; so instead you should explicitly list all response header names the browser should expose to your frontend JavaScript code — except for Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, and Pragma, which are always exposed. For any response headers other than those six and the ones you explicitly list in the value of the Access-Control-Expose-Headers header, browsers block frontend code from accessing them.