๐Ÿ“ฆ go-chi / cors

CORS net/http middleware for Go

โ˜… 405 stars โ‘‚ 38 forks ๐Ÿ‘ 405 watching โš–๏ธ MIT License
cors
๐Ÿ“ฅ Clone https://github.com/go-chi/cors.git
HTTPS git clone https://github.com/go-chi/cors.git
SSH git clone git@github.com:go-chi/cors.git
CLI gh repo clone go-chi/cors
ZIP Desktop VS Code
Maciej Lisiewski Maciej Lisiewski Fix Origin header check (#38) 3a53812 6 months ago ๐Ÿ“ History
๐Ÿ“‚ master View all commits โ†’
๐Ÿ“ _example
๐Ÿ“ .github
๐Ÿ“„ cors_test.go
๐Ÿ“„ cors.go
๐Ÿ“„ go.mod
๐Ÿ“„ LICENSE
๐Ÿ“„ README.md
๐Ÿ“„ utils_test.go
๐Ÿ“„ utils.go
๐Ÿ“„ README.md

CORS net/http middleware

go-chi/cors is a fork of github.com/rs/cors that provides a net/http compatible middleware for performing preflight CORS checks on the server side. These headers are required for using the browser native Fetch API.

This middleware is designed to be used as a top-level middleware on the chi router. Applying with within a r.Group() or using With() will not work without routes matching OPTIONS added.

Install

go get github.com/go-chi/cors

Usage

func main() {
  r := chi.NewRouter()

  // Basic CORS
  // for more ideas, see: https://developer.github.com/v3/#cross-origin-resource-sharing
  r.Use(cors.Handler(cors.Options{
    // AllowedOrigins:   []string{"https://foo.com"}, // Use this to allow specific origin hosts
    AllowedOrigins:   []string{"https://*", "http://*"},
    // AllowOriginFunc:  func(r *http.Request, origin string) bool { return true },
    AllowedMethods:   []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
    AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token"},
    ExposedHeaders:   []string{"Link"},
    AllowCredentials: false,
    MaxAge:           300, // Maximum value not ignored by any of major browsers
  }))

  r.Get("/", func(w http.ResponseWriter, r *http.Request) {
    w.Write([]byte("welcome"))
  })

  http.ListenAndServe(":3000", r)
}

Credits

All credit for the original work of this middleware goes out to github.com/rs.