In my case I had to enable CORS-related feature on the server side:
Access-Control-Expose-Headers: Content-Disposition
This allows javascript on the browser side to read this header.
In case of node.js + express + cors on the server side it may looks like this:
app.use(cors({
origin: 'http://localhost:8080',
credentials: true,
exposedHeaders: ['Content-Disposition']
}))
So I can see “content-disposition” among the headers, returned by Axios.