gin-cors: Index | Examples | Files

package cors

import ""

This code implements the flow chart that can be found here.

A Default Config for example is below:

	Origins:        "*",
	Methods:        "GET, PUT, POST, DELETE",
	RequestHeaders: "Origin, Authorization, Content-Type",
	ExposedHeaders: "",
	MaxAge: 1 * time.Minute,
	Credentials: true,
	ValidateHeaders: false,



Package Files



const (
    AllowOriginKey      string = "Access-Control-Allow-Origin"
    AllowCredentialsKey        = "Access-Control-Allow-Credentials"
    AllowHeadersKey            = "Access-Control-Allow-Headers"
    AllowMethodsKey            = "Access-Control-Allow-Methods"
    MaxAgeKey                  = "Access-Control-Max-Age"

    OriginKey         = "Origin"
    RequestMethodKey  = "Access-Control-Request-Method"
    RequestHeadersKey = "Access-Control-Request-Headers"
    ExposeHeadersKey  = "Access-Control-Expose-Headers"

func Middleware Uses

func Middleware(config Config) gin.HandlerFunc

Middleware generates a middleware handler function that works inside of a Gin request to set the correct CORS headers. It accepts a cors.Options struct for configuration.


// Initialize the gin-gonic router
router := gin.New()

// Set up CORS middleware options
config := cors.Config{
    Origins:         "*",
    RequestHeaders:  "Authorization",
    Methods:         "GET, POST, PUT",
    Credentials:     true,
    ValidateHeaders: false,
    MaxAge:          1 * time.Minute,

// Apply the middleware to the router (works on groups too)

type Config Uses

type Config struct {
    // Enabling this causes us to compare Request-Method and Request-Headers to confirm they contain a subset of the Allowed Methods and Allowed Headers
    // The spec however allows for the server to always match, and simply return the allowed methods and headers. Either is supported in this middleware.
    ValidateHeaders bool

    // Comma delimited list of origin domains. Wildcard "*" is also allowed, and matches all origins.
    // If the origin does not match an item in the list, then the request is denied.
    Origins string

    // This are the headers that the resource supports, and will accept in the request.
    // Default is "Authorization".
    RequestHeaders string

    // These are headers that should be accessable by the CORS client, they are in addition to those defined by the spec as "simple response headers"
    //	 Cache-Control
    //	 Content-Language
    //	 Content-Type
    //	 Expires
    //	 Last-Modified
    //	 Pragma
    ExposedHeaders string

    // Comma delimited list of acceptable HTTP methods.
    Methods string

    // The amount of time in seconds that the client should cache the Preflight request
    MaxAge time.Duration

    // If true, then cookies and Authorization headers are allowed along with the request.  This
    // is passed to the browser, but is not enforced.
    Credentials bool
    // contains filtered or unexported fields

Config defines the configuration options available to control how the CORS middleware should function.

Package cors imports 4 packages (graph) and is imported by 35 packages. Updated 2016-07-17. Refresh now. Tools for package owners.