Skip to content
go-zero

CORS Configuration

go-zero offers three ways to handle CORS:

  • rest.WithCors(origin ...string)
    • Sets the allowed origins for cross-origin requests.
  • rest.WithCorsHeaders(headers ...string)
    • Sets the allowed headers for cross-origin requests.
  • rest.WithCustomCors(middlewareFn func(header http.Header), notAllowedFn func(http.ResponseWriter), origin ...string)
    • Configures complex CORS requirements.

How to Customize CORS Headers?

Section titled “How to Customize CORS Headers?”

You can add allowed headers for cross-origin requests using go-zero’s rest.WithCorsHeaders(headers ...string).

Example code:

package main


import (
  "fmt"
  "net/http"


  "github.com/zeromicro/go-zero/core/conf"
  "github.com/zeromicro/go-zero/core/logx"
  "github.com/zeromicro/go-zero/rest"
  "github.com/zeromicro/go-zero/rest/httpx"
)


func main() {
  var c rest.RestConf
  conf.MustLoad("config.yaml", &c)


  server := rest.MustNewServer(c, rest.WithCorsHeaders("UserHeader1", "UserHeader2"))
  defer server.Stop()


  server.AddRoutes(
    []rest.Route{
      {
        Method: http.MethodPost,
        Path:   "/test",
        Handler: func(w http.ResponseWriter, r *http.Request) {
          logx.Info("Request received")
          httpx.OkJsonCtx(r.Context(), w, "1")
        },
      },
    },
  )


  fmt.Printf("Starting server at %s:%d...\n", c.Host, c.Port)
  server.Start()
}

go-zero version: >= v1.7.1

How to Customize CORS Domains?

Section titled “How to Customize CORS Domains?”

You can set allowed origins for cross-origin requests using go-zero’s rest.WithCors(origins …string).

Example code:

package main


import (
  "fmt"
  "net/http"


  "github.com/zeromicro/go-zero/core/conf"
  "github.com/zeromicro/go-zero/core/logx"
  "github.com/zeromicro/go-zero/rest"
  "github.com/zeromicro/go-zero/rest/httpx"
)


func main() {
  var c rest.RestConf
  conf.MustLoad("config.yaml", &c)


  // Set allowed origins for cross-origin requests
  server := rest.MustNewServer(c, rest.WithCors("example.com"))
  defer server.Stop()


  server.AddRoutes(
    []rest.Route{
      {
        Method: http.MethodPost,
        Path:   "/test",
        Handler: func(w http.ResponseWriter, r *http.Request) {
          logx.Info("Request received")
          httpx.OkJsonCtx(r.Context(), w, "1")
        },
      },
    },
  )


  fmt.Printf("Starting server at %s:%d...\n", c.Host, c.Port)
  server.Start()
}

How to Customize Complex CORS Settings?

Section titled “How to Customize Complex CORS Settings?”

You can configure complex CORS behavior using go-zero’s rest.WithCustomCors.

Example code:

package main


import (
  "fmt"
  "net/http"


  "github.com/zeromicro/go-zero/core/conf"
  "github.com/zeromicro/go-zero/core/logx"
  "github.com/zeromicro/go-zero/rest"
  "github.com/zeromicro/go-zero/rest/httpx"
)


func main() {
  var c rest.RestConf
  conf.MustLoad("config.yaml", &c)


  server := rest.MustNewServer(c, rest.WithCustomCors(func(header http.Header) {
    header.Set("Access-Control-Allow-Origin", "*")
    header.Add("Access-Control-Allow-Headers", "UserHeader1, UserHeader2")
    header.Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH")
    header.Set("Access-Control-Expose-Headers", "Content-Length, Content-Type")
  }, nil, "*"))
  defer server.Stop()


  server.AddRoutes(
    []rest.Route{
      {
        Method: http.MethodPost,
        Path:   "/test",
        Handler: func(w http.ResponseWriter, r *http.Request) {
          logx.Info("Request received")
          httpx.OkJsonCtx(r.Context(), w, "1")
        },
      },
    },
  )


  fmt.Printf("Starting server at %s:%d...\n", c.Host, c.Port)
  server.Start()
}