James Lucas 866d5b7628
feat(cors): Added new 'AllowOriginsFunc' function. (#2394)
*  feat(cors): Added new 'AllowOriginsFunc' function.

* feat(cors): Added warning log for when both 'AllowOrigins' and 'AllowOriginsFunc' are set.

* feat(docs): Updated docs to include note about discouraging the use of this function in production workloads.

---------

Co-authored-by: RW <rene@gofiber.io>
2023-04-11 10:24:29 +02:00


id, title
id title
cors CORS

CORS middleware for Fiber that can be used to enable Cross-Origin Resource Sharing with various options.

Signatures

func New(config ...Config) fiber.Handler

Examples

Import the middleware package that is part of the Fiber web framework

import (
  "github.com/gofiber/fiber/v2"
  "github.com/gofiber/fiber/v2/middleware/cors"
)

After you initialize your Fiber app, you can use the middleware in one of the following ways:

// Initialize default config. The default AllowOrigins value is "*",
// so every origin is allowed.
app.Use(cors.New())

// Or extend your config for customization. Here access is limited to an
// explicit, comma-separated list of origins, each written with its scheme.
app.Use(cors.New(cors.Config{
    AllowOrigins: "https://gofiber.io, https://gofiber.net",
    AllowHeaders:  "Origin, Content-Type, Accept",
}))

Using the AllowOriginsFunc function. In this example any origin will be allowed via CORS, but only while the ENVIRONMENT environment variable is set to development.

For example, if a browser running on http://localhost:3000 sends a request, this will be accepted and the access-control-allow-origin response header will be set to http://localhost:3000.

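Note: Using this feature is discouraged in production, because the origin sent by the client is echoed back in the response header whenever the function returns true; it's best practice to explicitly set CORS origins via AllowOrigins.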

// Default config (AllowOrigins "*").
// NOTE(review): presumably shown as an alternative to the call below rather
// than something to register together with it; confirm.
app.Use(cors.New())

// Dynamic origin check: the function receives the request's origin and
// returns whether it should be copied into 'access-control-allow-origin'.
app.Use(cors.New(cors.Config{
    AllowOriginsFunc: func(origin string) bool {
        // The 'origin' argument is not inspected here: every origin is
        // accepted whenever ENVIRONMENT is "development". A stricter function
        // would compare 'origin' against a fixed list of trusted origins.
        // NOTE(review): AllowOrigins is left unset and therefore keeps its
        // default "*"; confirm which header the middleware sends when this
        // function returns false.
        return os.Getenv("ENVIRONMENT") == "development"
    },
}))

Config

// Config defines the config for middleware.
type Config struct {
	// Next defines a function to skip this middleware when returned true.
	//
	// Optional. Default: nil
	Next func(c *fiber.Ctx) bool

	// AllowOriginsFunc defines a function that will set the 'access-control-allow-origin'
	// response header to the 'origin' request header when returned true.
	//
	// The 'origin' value is supplied by the client, so the function should decide
	// based on that value (for example by comparing it with a fixed list of trusted
	// origins) rather than returning true unconditionally.
	//
	// Note: Using this feature is discouraged in production and it's best practice to explicitly
	// set CORS origins via 'AllowOrigins'.
	//
	// Optional. Default: nil
	AllowOriginsFunc func(origin string) bool

	// AllowOrigins defines a list of origins that may access the resource,
	// given as one comma-separated string such as
	// "https://gofiber.io, https://gofiber.net". The default "*" allows
	// every origin.
	//
	// Optional. Default value "*"
	AllowOrigins string

	// AllowMethods defines a list of methods allowed when accessing the resource.
	// This is used in response to a preflight request.
	//
	// Optional. Default value "GET,POST,HEAD,PUT,DELETE,PATCH"
	AllowMethods string

	// AllowHeaders defines a list of request headers that can be used when
	// making the actual request. This is in response to a preflight request.
	//
	// Optional. Default value "".
	AllowHeaders string

	// AllowCredentials indicates whether or not the response to the request
	// can be exposed when the credentials flag is true. When used as part of
	// a response to a preflight request, this indicates whether or not the
	// actual request can be made using credentials.
	//
	// NOTE(review): browsers do not accept the wildcard origin "*" on
	// credentialed requests. When this is true together with AllowOriginsFunc,
	// every origin the function accepts can read credentialed responses, so
	// the function should match trusted origins only.
	//
	// Optional. Default value false.
	AllowCredentials bool

	// ExposeHeaders defines the list of response headers that clients are
	// allowed to access.
	//
	// Optional. Default value "".
	ExposeHeaders string

	// MaxAge indicates how long (in seconds) the results of a preflight request
	// can be cached.
	//
	// Optional. Default value 0.
	MaxAge int
}

Default Config

// ConfigDefault is the default config; its values match the defaults
// documented on the Config fields.
var ConfigDefault = Config{
	Next:         nil,
	AllowOriginsFunc: nil,
	// "*" allows every origin; set explicit origins to restrict access.
	AllowOrigins: "*",
	// Joined into the single string "GET,POST,HEAD,PUT,DELETE,PATCH".
	AllowMethods: strings.Join([]string{
		fiber.MethodGet,
		fiber.MethodPost,
		fiber.MethodHead,
		fiber.MethodPut,
		fiber.MethodDelete,
		fiber.MethodPatch,
	}, ","),
	AllowHeaders:     "",
	// Credentials are off by default.
	AllowCredentials: false,
	ExposeHeaders:    "",
	MaxAge:           0,
}