cors

package

v1.6.1 Latest Latest Go to latest Published: Apr 27, 2025 License: Apache-2.0 Imports: 4 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/CloudLearnersOrg/golib

Links

Open Source Insights

Documentation ¶

Overview ¶

Package cors provides Cross-Origin Resource Sharing (CORS) middleware for the Gin framework.

CORS is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served. This package helps implement proper CORS headers for your Gin-based API server.

Basic Usage:

To use the default CORS configuration:

router := gin.Default()
router.Use(cors.Middleware())

Custom Configuration:

To customize CORS settings:

router := gin.Default()
corsConfig := cors.DefaultConfig()
corsConfig.AllowOrigins = []string{"http://example.com", "https://yourdomain.com"}
corsConfig.AllowCredentials = true
router.Use(cors.New(corsConfig))

Environment-Based Configuration:

You can also load CORS configuration from environment variables:

router := gin.Default()
corsConfig := cors.Config{
    AllowOrigins:     strings.Split(os.Getenv("CORS_ALLOW_ORIGINS"), ","),
    AllowMethods:     strings.Split(os.Getenv("CORS_ALLOW_METHODS"), ","),
    AllowHeaders:     strings.Split(os.Getenv("CORS_ALLOW_HEADERS"), ","),
    ExposeHeaders:    strings.Split(os.Getenv("CORS_EXPOSE_HEADERS"), ","),
    AllowCredentials: os.Getenv("CORS_ALLOW_CREDENTIALS") == "true",
}
router.Use(cors.New(corsConfig))

Configuration Options:

- AllowOrigins: Which origins can make requests. Use ["*"] to allow any origin. - AllowMethods: HTTP methods that can be used. - AllowHeaders: HTTP headers that can be used in requests. - ExposeHeaders: HTTP headers that can be exposed to browsers. - AllowCredentials: Whether requests can include credentials (cookies, auth headers).

Security Considerations:

When AllowCredentials is true, you cannot use the wildcard "*" for AllowOrigins. You must specify exact origins for security reasons.

2. For production APIs, always specify exact origins rather than using the wildcard "*".

3. Include "X-CSRF-Token" in AllowHeaders if you're implementing CSRF protection.

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func Middleware ¶

func Middleware() gin.HandlerFunc

Middleware creates a CORS middleware with default configuration

func New ¶

func New(config Config) gin.HandlerFunc

New returns a new CORS middleware with the provided config

Types ¶

type Config ¶

type Config struct {
	// AllowOrigins is a list of origins a cross-domain request can be executed from.
	// If the special "*" value is present in the list, all origins will be allowed.
	// Default value is ["*"]
	AllowOrigins []string

	// AllowMethods is a list of methods the client is allowed to use with
	// cross-domain requests. Default value is simple methods (GET, POST, PUT, PATCH, DELETE, OPTIONS)
	AllowMethods []string

	// AllowHeaders is list of non-simple headers the client is allowed to use with
	// cross-domain requests.
	AllowHeaders []string

	// ExposeHeaders indicates which headers are safe to expose to the API
	ExposeHeaders []string

	// AllowCredentials indicates whether the request can include user credentials like
	// cookies, HTTP authentication or client side SSL certificates.
	AllowCredentials bool
}

Config represents the configuration for CORS middleware

func DefaultConfig ¶

func DefaultConfig() Config

DefaultConfig returns a generic default configuration

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL