Access-Control-Expose-Headers` missing for `payment-required` header on 402 responses

Problem

Client-side x402 payment flow fails with:

```
Failed to parse payment requirements: Invalid payment required response
```

### Root Cause

The 402 response from `beta.aimo.network/api/v1/chat/completions` includes the `payment-required` header with valid base64 content, but the response is missing `Access-Control-Expose-Headers`. Per the CORS spec, browsers only expose [safelisted headers](https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header) to JavaScript. Since `payment-required` is non-standard, `response.headers.get("payment-required")` returns `null` in the browser despite the header being present in the actual HTTP response.

This causes `@x402/fetch` to fail before it can sign and retry the request with a `PAYMENT-SIGNATURE` header.

### Current 402 Response Headers

```http
HTTP/1.1 402 Payment Required
payment-required: eyJ4NDAy... (valid base64)
access-control-allow-origin: *
                                    <-- missing Access-Control-Expose-Headers
```

### Fix

Add to 402 responses (and the CORS preflight if applicable):

```http
Access-Control-Expose-Headers: payment-required

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Access-Control-Expose-Headers `missing for` payment-required` header on 402 responses #22

Root Cause

Current 402 Response Headers

Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Access-Control-Expose-Headers missing for payment-required` header on 402 responses #22

Description

Root Cause

Current 402 Response Headers

Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Access-Control-Expose-Headers `missing for` payment-required` header on 402 responses #22