Skip to main content
Version: v2.x


CORS middleware for Fiber that can be used to enable Cross-Origin Resource Sharing with various options.


func New(config ...Config) fiber.Handler


Import the middleware package that is part of the Fiber web framework

import (

After you initiate your Fiber app, you can use the following possibilities:

// Default config

// Or extend your config for customization
AllowOrigins: ",",
AllowHeaders: "Origin, Content-Type, Accept",


// Config defines the config for middleware.
type Config struct {
// Next defines a function to skip this middleware when returned true.
// Optional. Default: nil
Next func(c *fiber.Ctx) bool

// AllowOrigin defines a list of origins that may access the resource.
// Optional. Default value "*"
AllowOrigins string

// AllowMethods defines a list of methods allowed when accessing the resource.
// This is used in response to a preflight request.
// Optional. Default value "GET,POST,HEAD,PUT,DELETE,PATCH"
AllowMethods string

// AllowHeaders defines a list of request headers that can be used when
// making the actual request. This is in response to a preflight request.
// Optional. Default value "".
AllowHeaders string

// AllowCredentials indicates whether or not the response to the request
// can be exposed when the credentials flag is true. When used as part of
// a response to a preflight request, this indicates whether or not the
// actual request can be made using credentials.
// Optional. Default value false.
AllowCredentials bool

// ExposeHeaders defines a whitelist headers that clients are allowed to
// access.
// Optional. Default value "".
ExposeHeaders string

// MaxAge indicates how long (in seconds) the results of a preflight request
// can be cached.
// Optional. Default value 0.
MaxAge int

Default Config

var ConfigDefault = Config{
Next: nil,
AllowOrigins: "*",
AllowHeaders: "",
AllowCredentials: false,
ExposeHeaders: "",
MaxAge: 0,