diff --git a/module/Common/src/Middleware/LocaleMiddleware.php b/module/Common/src/Middleware/LocaleMiddleware.php
index 6970f803..9ac49e00 100644
--- a/module/Common/src/Middleware/LocaleMiddleware.php
+++ b/module/Common/src/Middleware/LocaleMiddleware.php
@@ -13,6 +13,8 @@ use function explode;
 
 class LocaleMiddleware implements MiddlewareInterface
 {
+    private const ACCEPT_LANGUAGE = 'Accept-Language';
+
     /**
      * @var Translator
      */
@@ -36,11 +38,11 @@ class LocaleMiddleware implements MiddlewareInterface
      */
     public function process(Request $request, DelegateInterface $delegate): Response
     {
-        if (! $request->hasHeader('Accept-Language')) {
+        if (! $request->hasHeader(self::ACCEPT_LANGUAGE)) {
             return $delegate->handle($request);
         }
 
-        $locale = $request->getHeaderLine('Accept-Language');
+        $locale = $request->getHeaderLine(self::ACCEPT_LANGUAGE);
         $this->translator->setLocale($this->normalizeLocale($locale));
         return $delegate->handle($request);
     }
diff --git a/module/Common/test/Middleware/LocaleMiddlewareTest.php b/module/Common/test/Middleware/LocaleMiddlewareTest.php
index 35b6aa3a..b06ce23d 100644
--- a/module/Common/test/Middleware/LocaleMiddlewareTest.php
+++ b/module/Common/test/Middleware/LocaleMiddlewareTest.php
@@ -49,19 +49,25 @@ class LocaleMiddlewareTest extends TestCase
 
     /**
      * @test
+     * @dataProvider provideLanguages
      */
-    public function localeGetsNormalized()
+    public function localeGetsNormalized(string $lang, string $expected)
     {
-        $delegate = TestUtils::createReqHandlerMock();
+        $handler = TestUtils::createReqHandlerMock();
 
         $this->assertEquals('ru', $this->translator->getLocale());
 
-        $request = ServerRequestFactory::fromGlobals()->withHeader('Accept-Language', 'es_ES');
-        $this->middleware->process($request, $delegate->reveal());
-        $this->assertEquals('es', $this->translator->getLocale());
+        $request = ServerRequestFactory::fromGlobals()->withHeader('Accept-Language', $lang);
+        $this->middleware->process($request, $handler->reveal());
+        $this->assertEquals($expected, $this->translator->getLocale());
+    }
 
-        $request = ServerRequestFactory::fromGlobals()->withHeader('Accept-Language', 'en-US');
-        $this->middleware->process($request, $delegate->reveal());
-        $this->assertEquals('en', $this->translator->getLocale());
+    public function provideLanguages(): array
+    {
+        return [
+            ['ru', 'ru'],
+            ['es_ES', 'es'],
+            ['en-US', 'en'],
+        ];
     }
 }
diff --git a/module/Core/config/routes.config.php b/module/Core/config/routes.config.php
index a7aabd5b..1d2359a5 100644
--- a/module/Core/config/routes.config.php
+++ b/module/Core/config/routes.config.php
@@ -1,6 +1,7 @@
 <?php
 declare(strict_types=1);
 
+use Fig\Http\Message\RequestMethodInterface as RequestMethod;
 use RKA\Middleware\IpAddress;
 use Shlinkio\Shlink\Core\Action;
 use Shlinkio\Shlink\Core\Middleware;
@@ -15,7 +16,7 @@ return [
                 IpAddress::class,
                 Action\RedirectAction::class,
             ],
-            'allowed_methods' => ['GET'],
+            'allowed_methods' => [RequestMethod::METHOD_GET],
         ],
         [
             'name' => 'pixel-tracking',
@@ -24,7 +25,7 @@ return [
                 IpAddress::class,
                 Action\PixelAction::class,
             ],
-            'allowed_methods' => ['GET'],
+            'allowed_methods' => [RequestMethod::METHOD_GET],
         ],
         [
             'name' => 'short-url-qr-code',
@@ -33,13 +34,13 @@ return [
                 Middleware\QrCodeCacheMiddleware::class,
                 Action\QrCodeAction::class,
             ],
-            'allowed_methods' => ['GET'],
+            'allowed_methods' => [RequestMethod::METHOD_GET],
         ],
         [
             'name' => 'short-url-preview',
             'path' => '/{shortCode}/preview',
             'middleware' => Action\PreviewAction::class,
-            'allowed_methods' => ['GET'],
+            'allowed_methods' => [RequestMethod::METHOD_GET],
         ],
 
         // Old QR code route. Deprecated
@@ -50,7 +51,7 @@ return [
                 Middleware\QrCodeCacheMiddleware::class,
                 Action\QrCodeAction::class,
             ],
-            'allowed_methods' => ['GET'],
+            'allowed_methods' => [RequestMethod::METHOD_GET],
         ],
     ],
 
diff --git a/module/Rest/src/Middleware/CrossDomainMiddleware.php b/module/Rest/src/Middleware/CrossDomainMiddleware.php
index dc4bf9d6..a5896c57 100644
--- a/module/Rest/src/Middleware/CrossDomainMiddleware.php
+++ b/module/Rest/src/Middleware/CrossDomainMiddleware.php
@@ -8,6 +8,8 @@ use Psr\Http\Message\ResponseInterface as Response;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Http\Server\MiddlewareInterface;
 use Psr\Http\Server\RequestHandlerInterface;
+use Shlinkio\Shlink\Rest\Authentication;
+use function implode;
 
 class CrossDomainMiddleware implements MiddlewareInterface, RequestMethodInterface
 {
@@ -31,7 +33,10 @@ class CrossDomainMiddleware implements MiddlewareInterface, RequestMethodInterfa
 
         // Add Allow-Origin header
         $response = $response->withHeader('Access-Control-Allow-Origin', $request->getHeader('Origin'))
-                             ->withHeader('Access-Control-Expose-Headers', 'Authorization');
+                             ->withHeader('Access-Control-Expose-Headers', implode(', ', [
+                                 Authentication\Plugin\ApiKeyHeaderPlugin::HEADER_NAME,
+                                 Authentication\Plugin\AuthorizationHeaderPlugin::HEADER_NAME,
+                             ]));
         if ($request->getMethod() !== self::METHOD_OPTIONS) {
             return $response;
         }