CORS

CORS middleware for Fiber that can be used to enable Cross-Origin Resource Sharing with various options.

Signatures

func New(config ...Config) fiber.Handler

Examples

Import the middleware package that is part of the Fiber web framework:

import (
  "github.com/gofiber/fiber/v2"
  "github.com/gofiber/fiber/v2/middleware/cors"
)

After you initialize your Fiber app, you can use either of the following:

// Initialize default config
app.Use(cors.New())

// Or extend your config for customization
app.Use(cors.New(cors.Config{
    AllowOrigins: "https://gofiber.io, https://gofiber.net",
    AllowHeaders: "Origin, Content-Type, Accept",
}))

Using the AllowOriginsFunc function: in this example any origin will be allowed via CORS whenever the ENVIRONMENT environment variable is set to development.

For example, if a browser running on http://localhost:3000 sends a request, this will be accepted and the access-control-allow-origin response header will be set to http://localhost:3000.

Note: Using this feature is discouraged in production and it's best practice to explicitly set CORS origins via AllowOrigins.

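// Requires "os" in the import block.
// Allow any origin, but only when ENVIRONMENT is set to "development".
// Register only this instance: a default cors.New() placed before it would
// apply the default AllowOrigins of "*" as well.
app.Use(cors.New(cors.Config{
    AllowOriginsFunc: func(origin string) bool {
        return os.Getenv("ENVIRONMENT") == "development"
    },
}))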
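Where a function is still needed in production, it can enforce the explicit list the note above recommends instead of returning true for everything. The following is an added example, not code from the Fiber project: newOriginAllowlist and canonicalOrigin are hypothetical helpers, the origin list is constructed sample data, and the returned function has the AllowOriginsFunc signature so it can be passed as cors.Config{AllowOriginsFunc: isAllowed}.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// canonicalOrigin returns "scheme://host[:port]" in lower case, or "" when the
// value is not a bare http(s) origin (userinfo, path, query or fragment present).
func canonicalOrigin(raw string) string {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil || u.Host == "" || u.User != nil {
		return ""
	}
	if (u.Scheme != "http" && u.Scheme != "https") || u.Path != "" || u.RawQuery != "" || u.Fragment != "" {
		return ""
	}
	return strings.ToLower(u.Scheme + "://" + u.Host)
}

// newOriginAllowlist parses a comma-separated list in the same form as
// AllowOrigins and returns an exact-match check. "*" and malformed entries are
// rejected with an error so a bad list fails at startup, not at request time.
func newOriginAllowlist(list string) (func(origin string) bool, error) {
	allowed := make(map[string]struct{})
	for _, entry := range strings.Split(list, ",") {
		o := canonicalOrigin(entry)
		if o == "" {
			return nil, fmt.Errorf("invalid origin %q in allowlist", strings.TrimSpace(entry))
		}
		allowed[o] = struct{}{}
	}
	return func(origin string) bool {
		// "" is never stored in the map, so unparsable origins are always refused.
		_, ok := allowed[canonicalOrigin(origin)]
		return ok
	}, nil
}

func main() {
	// Constructed sample list and request origins.
	isAllowed, err := newOriginAllowlist("https://gofiber.io, https://gofiber.net")
	if err != nil {
		panic(err)
	}
	for _, o := range []string{"https://gofiber.io", "https://gofiber.io.example.com", "http://gofiber.io", "null"} {
		fmt.Printf("%-32s allowed=%v\n", o, isAllowed(o))
	}
}
```

Matching on the full scheme, host and port means a look-alike host that merely starts with an allowed name, or the same host over plain http, is refused.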

Config

| Property | Type | Description | Default |
|:---|:---|:---|:---|
| Next | `func(*fiber.Ctx) bool` | Next defines a function to skip this middleware when returned true. | `nil` |
| AllowOriginsFunc | `func(origin string) bool` | AllowOriginsFunc defines a function that will set the 'access-control-allow-origin' response header to the 'origin' request header when returned true. | `nil` |
| AllowOrigins | `string` | AllowOrigins defines a list of origins that may access the resource. | `"*"` |
| AllowMethods | `string` | AllowMethods defines a list of methods allowed when accessing the resource. This is used in response to a preflight request. | `"GET,POST,HEAD,PUT,DELETE,PATCH"` |
| AllowHeaders | `string` | AllowHeaders defines a list of request headers that can be used when making the actual request. This is in response to a preflight request. | `""` |
| AllowCredentials | `bool` | AllowCredentials indicates whether or not the response to the request can be exposed when the credentials flag is true. | `false` |
| ExposeHeaders | `string` | ExposeHeaders defines a whitelist of headers that clients are allowed to access. | `""` |
| MaxAge | `int` | MaxAge indicates how long (in seconds) the results of a preflight request can be cached. | `0` |

Default Config

var ConfigDefault = Config{
	Next:             nil,
	AllowOriginsFunc: nil,
	AllowOrigins:     "*",
	AllowMethods: strings.Join([]string{
		fiber.MethodGet,
		fiber.MethodPost,
		fiber.MethodHead,
		fiber.MethodPut,
		fiber.MethodDelete,
		fiber.MethodPatch,
	}, ","),
	AllowHeaders:     "",
	AllowCredentials: false,
	ExposeHeaders:    "",
	MaxAge:           0,
}