Skip to main content
Version: v2.x

CORS

CORS middleware for Fiber that can be used to enable Cross-Origin Resource Sharing with various options.

Signatures

func New(config ...Config) fiber.Handler

Examples

Import the middleware package that is part of the Fiber web framework

import (
  "github.com/gofiber/fiber/v2"
  "github.com/gofiber/fiber/v2/middleware/cors"
)

After you initiate your Fiber app, you can use the following possibilities:

// Default config
app.Use(cors.New())

// Or extend your config for customization
app.Use(cors.New(cors.Config{
    AllowOrigins: "https://gofiber.io, https://gofiber.net",
    AllowHeaders:  "Origin, Content-Type, Accept",
}))

Config

// Config defines the config for middleware.
type Config struct {
    // Next defines a function to skip this middleware when returned true.
    //
    // Optional. Default: nil
    Next func(c *fiber.Ctx) bool

    // AllowOrigin defines a list of origins that may access the resource.
    //
    // Optional. Default value "*"
    AllowOrigins string

    // AllowMethods defines a list of methods allowed when accessing the resource.
    // This is used in response to a preflight request.
    //
    // Optional. Default value "GET,POST,HEAD,PUT,DELETE,PATCH"
    AllowMethods string

    // AllowHeaders defines a list of request headers that can be used when
    // making the actual request. This is in response to a preflight request.
    //
    // Optional. Default value "".
    AllowHeaders string

    // AllowCredentials indicates whether or not the response to the request
    // can be exposed when the credentials flag is true. When used as part of
    // a response to a preflight request, this indicates whether or not the
    // actual request can be made using credentials.
    //
    // Optional. Default value false.
    AllowCredentials bool

    // ExposeHeaders defines a whitelist headers that clients are allowed to
    // access.
    //
    // Optional. Default value "".
    ExposeHeaders string

    // MaxAge indicates how long (in seconds) the results of a preflight request
    // can be cached.
    //
    // Optional. Default value 0.
    MaxAge int
}

Default Config

var ConfigDefault = Config{
    Next:             nil,
    AllowOrigins:     "*",
    AllowMethods:     "GET,POST,HEAD,PUT,DELETE,PATCH",
    AllowHeaders:     "",
    AllowCredentials: false,
    ExposeHeaders:    "",
    MaxAge:           0,
}
Last updated on by github-actions[bot]