github.com/gofiber/fiber/v2@v2.47.0/docs/api/middleware/cors.md (about) 1 --- 2 id: cors 3 title: CORS 4 --- 5 6 CORS middleware for [Fiber](https://github.com/gofiber/fiber) that can be used to enable [Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) with various options. 7 8 ## Signatures 9 10 ```go 11 func New(config ...Config) fiber.Handler 12 ``` 13 14 ## Examples 15 16 Import the middleware package that is part of the Fiber web framework 17 18 ```go 19 import ( 20 "github.com/gofiber/fiber/v2" 21 "github.com/gofiber/fiber/v2/middleware/cors" 22 ) 23 ``` 24 25 After you initiate your Fiber app, you can use the following possibilities: 26 27 ```go 28 // Initialize default config 29 app.Use(cors.New()) 30 31 // Or extend your config for customization 32 app.Use(cors.New(cors.Config{ 33 AllowOrigins: "https://gofiber.io, https://gofiber.net", 34 AllowHeaders: "Origin, Content-Type, Accept", 35 })) 36 ``` 37 38 Using the `AllowOriginsFunc` function. In this example any origin will be allowed via CORS. 39 40 For example, if a browser running on `http://localhost:3000` sends a request, this will be accepted and the `access-control-allow-origin` response header will be set to `http://localhost:3000`. 41 42 **Note: Using this feature is discouraged in production and it's best practice to explicitly set CORS origins via `AllowOrigins`.** 43 44 ```go 45 app.Use(cors.New()) 46 47 app.Use(cors.New(cors.Config{ 48 AllowOriginsFunc: func(origin string) bool { 49 return os.Getenv("ENVIRONMENT") == "development" 50 }, 51 })) 52 ``` 53 54 ## Config 55 56 ```go 57 // Config defines the config for middleware. 58 type Config struct { 59 // Next defines a function to skip this middleware when returned true. 60 // 61 // Optional. Default: nil 62 Next func(c *fiber.Ctx) bool 63 64 // AllowOriginsFunc defines a function that will set the 'access-control-allow-origin' 65 // response header to the 'origin' request header when returned true. 66 // 67 // Note: Using this feature is discouraged in production and it's best practice to explicitly 68 // set CORS origins via 'AllowOrigins' 69 // 70 // Optional. Default: nil 71 AllowOriginsFunc func(origin string) bool 72 73 // AllowOrigin defines a list of origins that may access the resource. 74 // 75 // Optional. Default value "*" 76 AllowOrigins string 77 78 // AllowMethods defines a list methods allowed when accessing the resource. 79 // This is used in response to a preflight request. 80 // 81 // Optional. Default value "GET,POST,HEAD,PUT,DELETE,PATCH" 82 AllowMethods string 83 84 // AllowHeaders defines a list of request headers that can be used when 85 // making the actual request. This is in response to a preflight request. 86 // 87 // Optional. Default value "". 88 AllowHeaders string 89 90 // AllowCredentials indicates whether or not the response to the request 91 // can be exposed when the credentials flag is true. When used as part of 92 // a response to a preflight request, this indicates whether or not the 93 // actual request can be made using credentials. 94 // 95 // Optional. Default value false. 96 AllowCredentials bool 97 98 // ExposeHeaders defines a whitelist headers that clients are allowed to 99 // access. 100 // 101 // Optional. Default value "". 102 ExposeHeaders string 103 104 // MaxAge indicates how long (in seconds) the results of a preflight request 105 // can be cached. 106 // 107 // Optional. Default value 0. 108 MaxAge int 109 } 110 ``` 111 112 ## Default Config 113 114 ```go 115 var ConfigDefault = Config{ 116 Next: nil, 117 AllowOriginsFunc: nil, 118 AllowOrigins: "*", 119 AllowMethods: strings.Join([]string{ 120 fiber.MethodGet, 121 fiber.MethodPost, 122 fiber.MethodHead, 123 fiber.MethodPut, 124 fiber.MethodDelete, 125 fiber.MethodPatch, 126 }, ","), 127 AllowHeaders: "", 128 AllowCredentials: false, 129 ExposeHeaders: "", 130 MaxAge: 0, 131 } 132 ```