---
id: cors
title: CORS
---

CORS middleware for [Fiber](https://github.com/gofiber/fiber) that can be used to enable [Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) with various options.

## Signatures

```go
func New(config ...Config) fiber.Handler
```

## Examples

Import the middleware package that is part of the Fiber web framework

```go
import (
  "github.com/gofiber/fiber/v2"
  "github.com/gofiber/fiber/v2/middleware/cors"
)
```

After you initiate your Fiber app, you can use the following possibilities:

```go
// Default config
app.Use(cors.New())

// Or extend your config for customization
app.Use(cors.New(cors.Config{
    AllowOrigins: "https://gofiber.io, https://gofiber.net",
    AllowHeaders:  "Origin, Content-Type, Accept",
}))
```

## Config

```go
// Config defines the config for middleware.
type Config struct {
    // Next defines a function to skip this middleware when returned true.
    //
    // Optional. Default: nil
    Next func(c *fiber.Ctx) bool

    // AllowOrigin defines a list of origins that may access the resource.
    //
    // Optional. Default value "*"
    AllowOrigins string

    // AllowMethods defines a list of methods allowed when accessing the resource.
    // This is used in response to a preflight request.
    //
    // Optional. Default value "GET,POST,HEAD,PUT,DELETE,PATCH"
    AllowMethods string

    // AllowHeaders defines a list of request headers that can be used when
    // making the actual request. This is in response to a preflight request.
    //
    // Optional. Default value "".
    AllowHeaders string

    // AllowCredentials indicates whether or not the response to the request
    // can be exposed when the credentials flag is true. When used as part of
    // a response to a preflight request, this indicates whether or not the
    // actual request can be made using credentials.
    //
    // Optional. Default value false.
    AllowCredentials bool

    // ExposeHeaders defines a whitelist headers that clients are allowed to
    // access.
    //
    // Optional. Default value "".
    ExposeHeaders string

    // MaxAge indicates how long (in seconds) the results of a preflight request
    // can be cached.
    //
    // Optional. Default value 0.
    MaxAge int
}
```

## Default Config

```go
var ConfigDefault = Config{
    Next:             nil,
    AllowOrigins:     "*",
    AllowMethods:     "GET,POST,HEAD,PUT,DELETE,PATCH",
    AllowHeaders:     "",
    AllowCredentials: false,
    ExposeHeaders:    "",
    MaxAge:           0,
}
```