{"id":13837332,"url":"https://github.com/jub0bs/fcors","last_synced_at":"2025-08-17T13:32:33.090Z","repository":{"id":65029386,"uuid":"580797569","full_name":"jub0bs/fcors","owner":"jub0bs","description":"a principled CORS middleware library for Go... but consider using jub0bs/cors (its successor) instead","archived":false,"fork":false,"pushed_at":"2024-05-02T06:40:03.000Z","size":412,"stargazers_count":82,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-05-03T09:15:38.987Z","etag":null,"topics":["cors","go","golang","http","middleware","server","web-security"],"latest_commit_sha":null,"homepage":"https://pkg.go.dev/github.com/jub0bs/fcors","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jub0bs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"jub0bs"}},"created_at":"2022-12-21T13:28:29.000Z","updated_at":"2024-05-30T03:15:30.650Z","dependencies_parsed_at":"2024-02-02T22:23:47.676Z","dependency_job_id":"3f6db625-44fd-413a-aacb-8d7dfd0b34ad","html_url":"https://github.com/jub0bs/fcors","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jub0bs%2Ffcors","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jub0bs%2Ffcors/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jub0bs%2Ffcors/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jub0bs%2Ffcors/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jub0bs","download_url":"https://codeload.github.com/jub0bs/fcors/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230131124,"owners_count":18178046,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cors","go","golang","http","middleware","server","web-security"],"created_at":"2024-08-04T15:01:06.625Z","updated_at":"2025-08-17T13:32:33.073Z","avatar_url":"https://github.com/jub0bs.png","language":"Go","funding_links":["https://github.com/sponsors/jub0bs"],"categories":["Go"],"sub_categories":[],"readme":"# jub0bs/fcors\n\n[![Go Reference](https://pkg.go.dev/badge/github.com/jub0bs/fcors.svg)](https://pkg.go.dev/github.com/jub0bs/fcors)\n[![license](https://img.shields.io/badge/License-MIT-yellow.svg?style=flat)](https://github.com/jub0bs/fcors/raw/main/LICENSE)\n[![build](https://github.com/jub0bs/fcors/actions/workflows/fcors.yml/badge.svg)](https://github.com/jub0bs/fcors/actions/workflows/fcors.yml)\n[![codecov](https://codecov.io/gh/jub0bs/fcors/branch/main/graph/badge.svg?token=N208BHWQTM)](https://codecov.io/gh/jub0bs/fcors)\n[![goreport](https://goreportcard.com/badge/jub0bs/fcors)](https://goreportcard.com/report/jub0bs/fcors)\n\nAn experimental CORS middleware library for Go.\n\nUnless you're a big fan of [functional options][funcopts],\nyou should use [github.com/jub0bs/cors][jub0bs-cors] instead.\n\n- [About CORS](https://github.com/jub0bs/fcors/#about-cors)\n- [Design philosophy](https://github.com/jub0bs/fcors/#design-philosophy)\n- [Praise for fcors](https://github.com/jub0bs/fcors/#praise-for-jub0bsfcors)\n- [Installation](https://github.com/jub0bs/fcors/#installation)\n- [Example](https://github.com/jub0bs/fcors/#example)\n- [Documentation](https://github.com/jub0bs/fcors/#documentation)\n- [Code coverage](https://github.com/jub0bs/fcors/#code-coverage)\n- [License](https://github.com/jub0bs/fcors/#license)\n\n## About CORS\n\nThe [Same-Origin Policy (SOP)][mdn-sop] is a security mechanism that\nWeb browsers implement to protect their users.\nIn particular, the SOP restricts cross-origin network access\nin terms of both sending and reading.\n[Cross-Origin Resource Sharing (CORS)][mdn-cors] is a protocol that\nlets servers instruct browsers to relax those restrictions for select clients.\n\njub0bs/fcors allows you to configure and build [net/http][net-http] middleware\nthat implement CORS.\n\n## Design philosophy\n\njub0bs/fcors is designed to be both easier to use and harder to misuse\nthan other CORS middleware libraries; see\n[_Fearless CORS: a design philosophy for CORS middleware libraries\n(and a Go implementation)_][fearless-cors] and\n[_Useful Functional-Options Tricks for Better Libraries_\n(GopherCon Europe 2023)][funcopts].\n\n## Praise for jub0bs/fcors\n\n\u003e I really like the declarative API. It lets you say what behavior you want\n\u003e rather than setting specific headers. It means that, as a user,\n\u003e you don’t have to relearn the nuances of CORS every time you want to make\n\u003e a change.\n\nPaul Carleton (Staff Software Engineer at [Stripe][stripe])\n\n## Installation\n\n```shell\ngo get github.com/jub0bs/fcors\n```\n\njub0bs/fcors requires Go 1.23 or above.\n\n## Example\n\nThe following program demonstrates how to create a CORS middleware that\n\n- allows anonymous access from Web origin `https://example.com`,\n- with requests whose method is either `GET` or `POST`,\n- and (optionally) with request header `Authorization`,\n\nand how to apply the middleware in question to all the resources accessible\nunder some `/api/` path:\n\n```go\npackage main\n\nimport (\n  \"io\"\n  \"log\"\n  \"net/http\"\n\n  \"github.com/jub0bs/fcors\"\n)\n\nfunc main() {\n  mux := http.NewServeMux()\n  mux.HandleFunc(\"GET /hello\", handleHello) // note: not configured for CORS\n\n  // create CORS middleware\n  cors, err := fcors.AllowAccess(\n    fcors.FromOrigins(\"https://example.com\"),\n    fcors.WithMethods(http.MethodGet, http.MethodPost),\n    fcors.WithRequestHeaders(\"Authorization\"),\n  )\n  if err != nil {\n    log.Fatal(err)\n  }\n\n  api := http.NewServeMux()\n  api.HandleFunc(\"GET /users\", handleUsersGet)\n  api.HandleFunc(\"POST /users\", handleUsersPost)\n  mux.Handle(\"/api/\", http.StripPrefix(\"/api\", cors(api))) // note: method-less pattern here\n\n  log.Fatal(http.ListenAndServe(\":8080\", mux))\n}\n\nfunc handleHello(w http.ResponseWriter, _ *http.Request) {\n  io.WriteString(w, \"Hello, World!\")\n}\n\nfunc handleUsersGet(w http.ResponseWriter, _ *http.Request) {\n  // omitted\n}\n\nfunc handleUsersPost(w http.ResponseWriter, _ *http.Request) {\n  // omitted\n}\n``` \n\nTry it out yourself by saving this program to a file named `server.go`.\nYou may need to adjust the port number if port 8080 happens to be unavailable\non your machine. Then build and run your server:\n\n```shell\ngo build server.go\n./server\n```\n\nIf no error occurred, the server is now running on `localhost:8080` and the\nvarious resources accessible under the `/api/` path are now configured for\nCORS as desired.\n\n## Documentation\n\nThe documentation is available on [pkg.go.dev][pkgsite].\n\n## Code coverage\n\n![coverage](https://codecov.io/gh/jub0bs/fcors/branch/main/graphs/sunburst.svg?token=N208BHWQTM)\n\n## License\n\nAll source code is covered by the [MIT License][license].\n\n[fearless-cors]: https://jub0bs.com/posts/2023-02-08-fearless-cors/\n[funcopts]: https://www.youtube.com/watch?v=5uM6z7RnReE\n[jub0bs-cors]: https://github.com/jub0bs/cors\n[license]: https://github.com/jub0bs/fcors/blob/main/LICENSE\n[mdn-cors]: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS\n[mdn-sop]: https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy\n[net-http]: https://pkg.go.dev/net/http\n[pkgsite]: https://pkg.go.dev/github.com/jub0bs/fcors\n[stripe]: https://stripe.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjub0bs%2Ffcors","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjub0bs%2Ffcors","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjub0bs%2Ffcors/lists"}