Handles Cross-Origin Resource Sharing (CORS) headers. Allows configuring which origins, methods, and headers are allowed.
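// Default (allows all origins). With every origin allowed, any website can
// read this API's responses to cross-origin requests; keep that for public,
// unauthenticated data and configure an explicit allow-list otherwise.
s.Use(middleware.CORS())

// Allow all (development only)
s.Use(middleware.CORSAllowAll())

// Custom configuration with every option set.
// NOTE(review): AllowOrigins and AllowOriginFunc are both set; how the
// middleware combines the two is not shown on this page, so confirm it before
// relying on either one to restrict credentialed requests.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins:     []string{"https://example.com", "https://app.example.com"},
	AllowMethods:     []string{"GET", "POST", "PUT", "DELETE"},
	AllowHeaders:     []string{"Authorization", "Content-Type"},
	ExposeHeaders:    []string{"X-Total-Count"},
	AllowCredentials: true,
	MaxAge:           86400, // 24 hours
	AllowOriginFunc: func(origin string) bool {
		// Custom origin validation: require the https scheme as well as the
		// domain suffix. A suffix-only check also accepts plaintext http://
		// origins, whose pages can be tampered with in transit. The suffix is
		// matched against the whole Origin value, so origins with an explicit
		// port do not match, and every subdomain of example.com is trusted.
		return strings.HasPrefix(origin, "https://") &&
			strings.HasSuffix(origin, ".example.com")
	},
}))

// AllowOrigins: exact origins to allow ("*" for all)
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins: []string{
		"https://app.example.com",
		"https://admin.example.com",
	},
}))

// AllowOriginFunc: decide per request with a callback. The callback trusts
// every https subdomain of example.com, so a compromised or abandoned
// subdomain becomes an allowed origin; prefer an exact list where possible.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOriginFunc: func(origin string) bool {
		return strings.HasPrefix(origin, "https://") &&
			strings.HasSuffix(origin, ".example.com")
	},
}))

// Credentialed requests
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins:     []string{"https://app.example.com"}, // Must be specific, not "*"
	AllowCredentials: true,
	AllowHeaders:     []string{"Authorization", "Content-Type"},
}))

// Important: When AllowCredentials is true, AllowOrigins cannot contain "*". You must specify exact origins.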
// Allowed methods, allowed request headers, and exposed response headers.
headerCfg := middleware.CORSConfig{
	AllowOrigins: []string{"https://example.com"},
	AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "PATCH"},
	AllowHeaders: []string{
		"Authorization",
		"Content-Type",
		"X-Request-ID",
		"X-Custom-Header",
	},
	ExposeHeaders: []string{"X-Total-Count", "X-Page-Count"},
}
s.Use(middleware.CORSWithConfig(headerCfg))

// Cache preflight requests for 24 hours. Browsers enforce their own maximum
// for preflight caching, so the effective lifetime can be shorter.
preflightCfg := middleware.CORSConfig{
	AllowOrigins: []string{"https://example.com"},
	MaxAge:       86400,
}
s.Use(middleware.CORSWithConfig(preflightCfg))

// ❌ Wrong - credentials with wildcard won't work
wildcardCfg := middleware.CORSConfig{
	AllowOrigins:     []string{"*"},
	AllowCredentials: true, // Won't work!
}
s.Use(middleware.CORSWithConfig(wildcardCfg))

// ✅ Correct - specific origins required. List the trusted origins
// explicitly rather than echoing back whatever Origin a request carries.
exactCfg := middleware.CORSConfig{
	AllowOrigins:     []string{"https://app.example.com"},
	AllowCredentials: true,
}
s.Use(middleware.CORSWithConfig(exactCfg))

// Handles Cross-Origin Resource Sharing (CORS) headers. Allows configuring which origins, methods, and headers are allowed.
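// Default (allows all origins). With every origin allowed, any website can
// read this API's responses to cross-origin requests; keep that for public,
// unauthenticated data and configure an explicit allow-list otherwise.
s.Use(middleware.CORS())

// Allow all (development only)
s.Use(middleware.CORSAllowAll())

// Custom configuration with every option set.
// NOTE(review): AllowOrigins and AllowOriginFunc are both set; how the
// middleware combines the two is not shown on this page, so confirm it before
// relying on either one to restrict credentialed requests.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins:     []string{"https://example.com", "https://app.example.com"},
	AllowMethods:     []string{"GET", "POST", "PUT", "DELETE"},
	AllowHeaders:     []string{"Authorization", "Content-Type"},
	ExposeHeaders:    []string{"X-Total-Count"},
	AllowCredentials: true,
	MaxAge:           86400, // 24 hours
	AllowOriginFunc: func(origin string) bool {
		// Custom origin validation: require the https scheme as well as the
		// domain suffix. A suffix-only check also accepts plaintext http://
		// origins, whose pages can be tampered with in transit. The suffix is
		// matched against the whole Origin value, so origins with an explicit
		// port do not match, and every subdomain of example.com is trusted.
		return strings.HasPrefix(origin, "https://") &&
			strings.HasSuffix(origin, ".example.com")
	},
}))

// AllowOrigins: exact origins to allow ("*" for all)
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins: []string{
		"https://app.example.com",
		"https://admin.example.com",
	},
}))

// AllowOriginFunc: decide per request with a callback. The callback trusts
// every https subdomain of example.com, so a compromised or abandoned
// subdomain becomes an allowed origin; prefer an exact list where possible.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOriginFunc: func(origin string) bool {
		return strings.HasPrefix(origin, "https://") &&
			strings.HasSuffix(origin, ".example.com")
	},
}))

// Credentialed requests
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins:     []string{"https://app.example.com"}, // Must be specific, not "*"
	AllowCredentials: true,
	AllowHeaders:     []string{"Authorization", "Content-Type"},
}))

// Important: When AllowCredentials is true, AllowOrigins cannot contain "*". You must specify exact origins.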
// Allowed methods, allowed request headers, and exposed response headers.
headerCfg := middleware.CORSConfig{
	AllowOrigins: []string{"https://example.com"},
	AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "PATCH"},
	AllowHeaders: []string{
		"Authorization",
		"Content-Type",
		"X-Request-ID",
		"X-Custom-Header",
	},
	ExposeHeaders: []string{"X-Total-Count", "X-Page-Count"},
}
s.Use(middleware.CORSWithConfig(headerCfg))

// Cache preflight requests for 24 hours. Browsers enforce their own maximum
// for preflight caching, so the effective lifetime can be shorter.
preflightCfg := middleware.CORSConfig{
	AllowOrigins: []string{"https://example.com"},
	MaxAge:       86400,
}
s.Use(middleware.CORSWithConfig(preflightCfg))

// ❌ Wrong - credentials with wildcard won't work
wildcardCfg := middleware.CORSConfig{
	AllowOrigins:     []string{"*"},
	AllowCredentials: true, // Won't work!
}
s.Use(middleware.CORSWithConfig(wildcardCfg))

// ✅ Correct - specific origins required. List the trusted origins
// explicitly rather than echoing back whatever Origin a request carries.
exactCfg := middleware.CORSConfig{
	AllowOrigins:     []string{"https://app.example.com"},
	AllowCredentials: true,
}
s.Use(middleware.CORSWithConfig(exactCfg))

// Default (allows all origins)
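// middleware.CORS() with no configuration allows all origins, so any website
// can read this API's responses to cross-origin requests; keep that for
// public, unauthenticated data and configure an explicit allow-list otherwise.
s.Use(middleware.CORS())

// Allow all (development only)
s.Use(middleware.CORSAllowAll())

// Custom configuration with every option set.
// NOTE(review): AllowOrigins and AllowOriginFunc are both set; how the
// middleware combines the two is not shown on this page, so confirm it before
// relying on either one to restrict credentialed requests.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins:     []string{"https://example.com", "https://app.example.com"},
	AllowMethods:     []string{"GET", "POST", "PUT", "DELETE"},
	AllowHeaders:     []string{"Authorization", "Content-Type"},
	ExposeHeaders:    []string{"X-Total-Count"},
	AllowCredentials: true,
	MaxAge:           86400, // 24 hours
	AllowOriginFunc: func(origin string) bool {
		// Custom origin validation: require the https scheme as well as the
		// domain suffix. A suffix-only check also accepts plaintext http://
		// origins, whose pages can be tampered with in transit. The suffix is
		// matched against the whole Origin value, so origins with an explicit
		// port do not match, and every subdomain of example.com is trusted.
		return strings.HasPrefix(origin, "https://") &&
			strings.HasSuffix(origin, ".example.com")
	},
}))

// Exact list of allowed origins.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins: []string{
		"https://app.example.com",
		"https://admin.example.com",
	},
}))

// Per-request origin callback. It trusts every https subdomain of
// example.com, so a compromised or abandoned subdomain becomes an allowed
// origin; prefer an exact list where possible.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOriginFunc: func(origin string) bool {
		return strings.HasPrefix(origin, "https://") &&
			strings.HasSuffix(origin, ".example.com")
	},
}))

// Credentialed requests
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins:     []string{"https://app.example.com"}, // Must be specific, not "*"
	AllowCredentials: true,
	AllowHeaders:     []string{"Authorization", "Content-Type"},
}))

// Allowed methods, allowed request headers, and exposed response headers.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins: []string{"https://example.com"},
	AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "PATCH"},
	AllowHeaders: []string{
		"Authorization",
		"Content-Type",
		"X-Request-ID",
		"X-Custom-Header",
	},
	ExposeHeaders: []string{"X-Total-Count", "X-Page-Count"},
}))

// Browsers enforce their own maximum for preflight caching, so the effective
// lifetime can be shorter than the value configured here.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins: []string{"https://example.com"},
	MaxAge:       86400, // Cache preflight requests for 24 hours
}))

// ❌ Wrong - credentials with wildcard won't work
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins:     []string{"*"},
	AllowCredentials: true, // Won't work!
}))

// ✅ Correct - specific origins required. List the trusted origins
// explicitly rather than echoing back whatever Origin a request carries.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins:     []string{"https://app.example.com"},
	AllowCredentials: true,
}))

// Default (allows all origins)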
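// middleware.CORS() with no configuration allows all origins, so any website
// can read this API's responses to cross-origin requests; keep that for
// public, unauthenticated data and configure an explicit allow-list otherwise.
s.Use(middleware.CORS())

// Allow all (development only)
s.Use(middleware.CORSAllowAll())

// Custom configuration with every option set.
// NOTE(review): AllowOrigins and AllowOriginFunc are both set; how the
// middleware combines the two is not shown on this page, so confirm it before
// relying on either one to restrict credentialed requests.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins:     []string{"https://example.com", "https://app.example.com"},
	AllowMethods:     []string{"GET", "POST", "PUT", "DELETE"},
	AllowHeaders:     []string{"Authorization", "Content-Type"},
	ExposeHeaders:    []string{"X-Total-Count"},
	AllowCredentials: true,
	MaxAge:           86400, // 24 hours
	AllowOriginFunc: func(origin string) bool {
		// Custom origin validation: require the https scheme as well as the
		// domain suffix. A suffix-only check also accepts plaintext http://
		// origins, whose pages can be tampered with in transit. The suffix is
		// matched against the whole Origin value, so origins with an explicit
		// port do not match, and every subdomain of example.com is trusted.
		return strings.HasPrefix(origin, "https://") &&
			strings.HasSuffix(origin, ".example.com")
	},
}))

// Exact list of allowed origins.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins: []string{
		"https://app.example.com",
		"https://admin.example.com",
	},
}))

// Per-request origin callback. It trusts every https subdomain of
// example.com, so a compromised or abandoned subdomain becomes an allowed
// origin; prefer an exact list where possible.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOriginFunc: func(origin string) bool {
		return strings.HasPrefix(origin, "https://") &&
			strings.HasSuffix(origin, ".example.com")
	},
}))

// Credentialed requests
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins:     []string{"https://app.example.com"}, // Must be specific, not "*"
	AllowCredentials: true,
	AllowHeaders:     []string{"Authorization", "Content-Type"},
}))

// Allowed methods, allowed request headers, and exposed response headers.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins: []string{"https://example.com"},
	AllowMethods: []string{"GET", "POST", "PUT", "DELETE", "PATCH"},
	AllowHeaders: []string{
		"Authorization",
		"Content-Type",
		"X-Request-ID",
		"X-Custom-Header",
	},
	ExposeHeaders: []string{"X-Total-Count", "X-Page-Count"},
}))

// Browsers enforce their own maximum for preflight caching, so the effective
// lifetime can be shorter than the value configured here.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins: []string{"https://example.com"},
	MaxAge:       86400, // Cache preflight requests for 24 hours
}))

// ❌ Wrong - credentials with wildcard won't work
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins:     []string{"*"},
	AllowCredentials: true, // Won't work!
}))

// ✅ Correct - specific origins required. List the trusted origins
// explicitly rather than echoing back whatever Origin a request carries.
s.Use(middleware.CORSWithConfig(middleware.CORSConfig{
	AllowOrigins:     []string{"https://app.example.com"},
	AllowCredentials: true,
}))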