Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/gin-contrib/cors

Official CORS gin's middleware
https://github.com/gin-contrib/cors

Last synced: about 9 hours ago
JSON representation

Official CORS gin's middleware

Host: GitHub
URL: https://github.com/gin-contrib/cors
Owner: gin-contrib
License: mit
Created: 2015-11-09T12:31:10.000Z (about 9 years ago)
Default Branch: master
Last Pushed: 2024-09-27T15:28:17.000Z (4 months ago)
Last Synced: 2024-10-29T11:32:26.907Z (3 months ago)
Language: Go
Homepage: https://gin-gonic.github.io/gin/
Size: 172 KB
Stars: 1,790
Watchers: 15
Forks: 185
Open Issues: 34
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-gin - gin-contrib/cors

README

        # CORS gin's middleware

[![Run Tests](https://github.com/gin-contrib/cors/actions/workflows/go.yml/badge.svg)](https://github.com/gin-contrib/cors/actions/workflows/go.yml)

[![codecov](https://codecov.io/gh/gin-contrib/cors/branch/master/graph/badge.svg)](https://codecov.io/gh/gin-contrib/cors)

[![Go Report Card](https://goreportcard.com/badge/github.com/gin-contrib/cors)](https://goreportcard.com/report/github.com/gin-contrib/cors)

[![GoDoc](https://godoc.org/github.com/gin-contrib/cors?status.svg)](https://godoc.org/github.com/gin-contrib/cors)

Gin middleware/handler to enable CORS support.

## Usage

### Start using it

Download and install it:

```sh

go get github.com/gin-contrib/cors

```

Import it in your code:

```go

import "github.com/gin-contrib/cors"

```

### Canonical example

```go

package main

import (

  "time"

  "github.com/gin-contrib/cors"

  "github.com/gin-gonic/gin"

)

func main() {

  router := gin.Default()

  // CORS for https://foo.com and https://github.com origins, allowing:

  // - PUT and PATCH methods

  // - Origin header

  // - Credentials share

  // - Preflight requests cached for 12 hours

  router.Use(cors.New(cors.Config{

    AllowOrigins:     []string{"https://foo.com"},

    AllowMethods:     []string{"PUT", "PATCH"},

    AllowHeaders:     []string{"Origin"},

    ExposeHeaders:    []string{"Content-Length"},

    AllowCredentials: true,

    AllowOriginFunc: func(origin string) bool {

      return origin == "https://github.com"

    },

    MaxAge: 12 * time.Hour,

  }))

  router.Run()

}

```

### Using DefaultConfig as start point

```go

func main() {

  router := gin.Default()

  // - No origin allowed by default

  // - GET,POST, PUT, HEAD methods

  // - Credentials share disabled

  // - Preflight requests cached for 12 hours

  config := cors.DefaultConfig()

  config.AllowOrigins = []string{"http://google.com"}

  // config.AllowOrigins = []string{"http://google.com", "http://facebook.com"}

  // config.AllowAllOrigins = true

  router.Use(cors.New(config))

  router.Run()

}

```

Note: while Default() allows all origins, DefaultConfig() does not and you will still have to use AllowAllOrigins.

### Default() allows all origins

```go

func main() {

  router := gin.Default()

  // same as

  // config := cors.DefaultConfig()

  // config.AllowAllOrigins = true

  // router.Use(cors.New(config))

  router.Use(cors.Default())

  router.Run()

}

```

Using all origins disables the ability for Gin to set cookies for clients. When dealing with credentials, don't allow all origins.