github.com/gofiber/fiber/v2@v2.47.0/docs/api/middleware/cors.md (about)

     1  ---
     2  id: cors
     3  title: CORS
     4  ---
     5  
     6  CORS middleware for [Fiber](https://github.com/gofiber/fiber) that can be used to enable [Cross-Origin Resource Sharing](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) with various options.
     7  
     8  ## Signatures
     9  
    10  ```go
    11  func New(config ...Config) fiber.Handler
    12  ```
    13  
    14  ## Examples
    15  
    16  Import the middleware package that is part of the Fiber web framework
    17  
    18  ```go
    19  import (
    20    "github.com/gofiber/fiber/v2"
    21    "github.com/gofiber/fiber/v2/middleware/cors"
    22  )
    23  ```
    24  
    25  After you initiate your Fiber app, you can use the following possibilities:
    26  
    27  ```go
    28  // Initialize default config
    29  app.Use(cors.New())
    30  
    31  // Or extend your config for customization
    32  app.Use(cors.New(cors.Config{
    33      AllowOrigins: "https://gofiber.io, https://gofiber.net",
    34      AllowHeaders:  "Origin, Content-Type, Accept",
    35  }))
    36  ```
    37  
    38  Using the `AllowOriginsFunc` function. In this example any origin will be allowed via CORS.
    39  
    40  For example, if a browser running on `http://localhost:3000` sends a request, this will be accepted and the `access-control-allow-origin` response header will be set to `http://localhost:3000`.
    41  
    42  **Note: Using this feature is discouraged in production and it's best practice to explicitly set CORS origins via `AllowOrigins`.**
    43  
    44  ```go
    45  app.Use(cors.New())
    46  
    47  app.Use(cors.New(cors.Config{
    48      AllowOriginsFunc: func(origin string) bool {
    49          return os.Getenv("ENVIRONMENT") == "development"
    50      },
    51  }))
    52  ```
    53  
    54  ## Config
    55  
    56  ```go
    57  // Config defines the config for middleware.
    58  type Config struct {
    59  	// Next defines a function to skip this middleware when returned true.
    60  	//
    61  	// Optional. Default: nil
    62  	Next func(c *fiber.Ctx) bool
    63  
    64  	// AllowOriginsFunc defines a function that will set the 'access-control-allow-origin'
    65  	// response header to the 'origin' request header when returned true.
    66  	// 
    67  	// Note: Using this feature is discouraged in production and it's best practice to explicitly
    68  	// set CORS origins via 'AllowOrigins'
    69  	//
    70  	// Optional. Default: nil
    71  	AllowOriginsFunc func(origin string) bool
    72  
    73  	// AllowOrigin defines a list of origins that may access the resource.
    74  	//
    75  	// Optional. Default value "*"
    76  	AllowOrigins string
    77  
    78  	// AllowMethods defines a list methods allowed when accessing the resource.
    79  	// This is used in response to a preflight request.
    80  	//
    81  	// Optional. Default value "GET,POST,HEAD,PUT,DELETE,PATCH"
    82  	AllowMethods string
    83  
    84  	// AllowHeaders defines a list of request headers that can be used when
    85  	// making the actual request. This is in response to a preflight request.
    86  	//
    87  	// Optional. Default value "".
    88  	AllowHeaders string
    89  
    90  	// AllowCredentials indicates whether or not the response to the request
    91  	// can be exposed when the credentials flag is true. When used as part of
    92  	// a response to a preflight request, this indicates whether or not the
    93  	// actual request can be made using credentials.
    94  	//
    95  	// Optional. Default value false.
    96  	AllowCredentials bool
    97  
    98  	// ExposeHeaders defines a whitelist headers that clients are allowed to
    99  	// access.
   100  	//
   101  	// Optional. Default value "".
   102  	ExposeHeaders string
   103  
   104  	// MaxAge indicates how long (in seconds) the results of a preflight request
   105  	// can be cached.
   106  	//
   107  	// Optional. Default value 0.
   108  	MaxAge int
   109  }
   110  ```
   111  
   112  ## Default Config
   113  
   114  ```go
   115  var ConfigDefault = Config{
   116  	Next:         nil,
   117  	AllowOriginsFunc: nil,
   118  	AllowOrigins: "*",
   119  	AllowMethods: strings.Join([]string{
   120  		fiber.MethodGet,
   121  		fiber.MethodPost,
   122  		fiber.MethodHead,
   123  		fiber.MethodPut,
   124  		fiber.MethodDelete,
   125  		fiber.MethodPatch,
   126  	}, ","),
   127  	AllowHeaders:     "",
   128  	AllowCredentials: false,
   129  	ExposeHeaders:    "",
   130  	MaxAge:           0,
   131  }
   132  ```