package module
v1.0.0-...-cf4846e Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Mar 18, 2017 License: MIT Imports: 6 Imported by: 42


CORS gin's middleware

Build Status codecov Go Report Card GoDoc

Gin middleware/handler to enable CORS support.


Start using it

Download and install it:

$ go get

Import it in your code:

import ""
Canonical example:
package main

import (


func main() {
	router := gin.Default()
	// CORS for and origins, allowing:
	// - PUT and PATCH methods
	// - Origin header
	// - Credentials share
	// - Preflight requests cached for 12 hours
		AllowOrigins:     []string{""},
		AllowMethods:     []string{"PUT", "PATCH"},
		AllowHeaders:     []string{"Origin"},
		ExposeHeaders:    []string{"Content-Length"},
		AllowCredentials: true,
		AllowOriginFunc: func(origin string) bool {
			return origin == ""
		MaxAge: 12 * time.Hour,
Using DefaultConfig as start point
func main() {
	router := gin.Default()
	// - No origin allowed by default
	// - GET,POST, PUT, HEAD methods
	// - Credentials share disabled
	// - Preflight requests cached for 12 hours
	config := cors.DefaultConfig()
	config.AllowOrigins = []string{""}
	// config.AllowOrigins == []string{"", ""}

Default() allows all origins
func main() {
	router := gin.Default()
	// same as
	// config := cors.DefaultConfig()
	// config.AllowAllOrigins = true
	// router.Use(cors.New(config))




This section is empty.


This section is empty.


func Default

func Default() gin.HandlerFunc

Default returns the location middleware with default configuration.

func New

func New(config Config) gin.HandlerFunc

New returns the location middleware with user-defined custom configuration.


type Config

type Config struct {
	AllowAllOrigins bool

	// AllowedOrigins is a list of origins a cross-domain request can be executed from.
	// If the special "*" value is present in the list, all origins will be allowed.
	// Default value is ["*"]
	AllowOrigins []string

	// AllowOriginFunc is a custom function to validate the origin. It take the origin
	// as argument and returns true if allowed or false otherwise. If this option is
	// set, the content of AllowedOrigins is ignored.
	AllowOriginFunc func(origin string) bool

	// AllowedMethods is a list of methods the client is allowed to use with
	// cross-domain requests. Default value is simple methods (GET and POST)
	AllowMethods []string

	// AllowedHeaders is list of non simple headers the client is allowed to use with
	// cross-domain requests.
	// If the special "*" value is present in the list, all headers will be allowed.
	// Default value is [] but "Origin" is always appended to the list.
	AllowHeaders []string

	// AllowCredentials indicates whether the request can include user credentials like
	// cookies, HTTP authentication or client side SSL certificates.
	AllowCredentials bool

	// ExposedHeaders indicates which headers are safe to expose to the API of a CORS
	// API specification
	ExposeHeaders []string

	// MaxAge indicates how long (in seconds) the results of a preflight request
	// can be cached
	MaxAge time.Duration

Config represents all available options for the middleware.

func DefaultConfig

func DefaultConfig() Config

DefaultConfig returns a generic default configuration mapped to localhost.

func (*Config) AddAllowHeaders

func (c *Config) AddAllowHeaders(headers ...string)

AddAllowHeaders is allowed to add custom headers

func (*Config) AddAllowMethods

func (c *Config) AddAllowMethods(methods ...string)

AddAllowMethods is allowed to add custom methods

func (*Config) AddExposeHeaders

func (c *Config) AddExposeHeaders(headers ...string)

AddExposeHeaders is allowed to add custom expose headers

func (Config) Validate

func (c Config) Validate() error

Validate is check configuration of user defined.


Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL