package module
Version: v1.3.1 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Mar 6, 2020 License: MIT Imports: 6 Imported by: 1,053


CORS gin's middleware

Build Status codecov Go Report Card GoDoc

Gin middleware/handler to enable CORS support.


Start using it

Download and install it:

$ go get

Import it in your code:

import ""
Canonical example:
package main

import (


func main() {
	router := gin.Default()
	// CORS for and origins, allowing:
	// - PUT and PATCH methods
	// - Origin header
	// - Credentials share
	// - Preflight requests cached for 12 hours
		AllowOrigins:     []string{""},
		AllowMethods:     []string{"PUT", "PATCH"},
		AllowHeaders:     []string{"Origin"},
		ExposeHeaders:    []string{"Content-Length"},
		AllowCredentials: true,
		AllowOriginFunc: func(origin string) bool {
			return origin == ""
		MaxAge: 12 * time.Hour,
Using DefaultConfig as start point
func main() {
	router := gin.Default()
	// - No origin allowed by default
	// - GET,POST, PUT, HEAD methods
	// - Credentials share disabled
	// - Preflight requests cached for 12 hours
	config := cors.DefaultConfig()
	config.AllowOrigins = []string{""}
	// config.AllowOrigins == []string{"", ""}

Default() allows all origins
func main() {
	router := gin.Default()
	// same as
	// config := cors.DefaultConfig()
	// config.AllowAllOrigins = true
	// router.Use(cors.New(config))




This section is empty.


View Source
var (
	DefaultSchemas = []string{
	ExtensionSchemas = []string{
	FileSchemas = []string{
	WebSocketSchemas = []string{


func Default

func Default() gin.HandlerFunc

Default returns the location middleware with default configuration.

func New

func New(config Config) gin.HandlerFunc

New returns the location middleware with user-defined custom configuration.


type Config

type Config struct {
	AllowAllOrigins bool

	// AllowOrigins is a list of origins a cross-domain request can be executed from.
	// If the special "*" value is present in the list, all origins will be allowed.
	// Default value is []
	AllowOrigins []string

	// AllowOriginFunc is a custom function to validate the origin. It take the origin
	// as argument and returns true if allowed or false otherwise. If this option is
	// set, the content of AllowOrigins is ignored.
	AllowOriginFunc func(origin string) bool

	// AllowMethods is a list of methods the client is allowed to use with
	// cross-domain requests. Default value is simple methods (GET and POST)
	AllowMethods []string

	// AllowHeaders is list of non simple headers the client is allowed to use with
	// cross-domain requests.
	AllowHeaders []string

	// AllowCredentials indicates whether the request can include user credentials like
	// cookies, HTTP authentication or client side SSL certificates.
	AllowCredentials bool

	// ExposedHeaders indicates which headers are safe to expose to the API of a CORS
	// API specification
	ExposeHeaders []string

	// MaxAge indicates how long (in seconds) the results of a preflight request
	// can be cached
	MaxAge time.Duration

	// Allows to add origins like http://some-domain/*, https://api.* or http://some.*
	AllowWildcard bool

	// Allows usage of popular browser extensions schemas
	AllowBrowserExtensions bool

	// Allows usage of WebSocket protocol
	AllowWebSockets bool

	// Allows usage of file:// schema (dangerous!) use it only when you 100% sure it's needed
	AllowFiles bool

Config represents all available options for the middleware.

func DefaultConfig

func DefaultConfig() Config

DefaultConfig returns a generic default configuration mapped to localhost.

func (*Config) AddAllowHeaders

func (c *Config) AddAllowHeaders(headers ...string)

AddAllowHeaders is allowed to add custom headers

func (*Config) AddAllowMethods

func (c *Config) AddAllowMethods(methods ...string)

AddAllowMethods is allowed to add custom methods

func (*Config) AddExposeHeaders

func (c *Config) AddExposeHeaders(headers ...string)

AddExposeHeaders is allowed to add custom expose headers

func (*Config) Validate

func (c *Config) Validate() error

Validate is check configuration of user defined.


Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL