Skip to main content

Cross-Origin Resource Sharing (CORS)

go-zero offers three ways to handle CORS:

  • rest.WithCors(origin ...string)
    • Sets the allowed origins for cross-origin requests.
  • rest.WithCorsHeaders(headers ...string)
    • Sets the allowed headers for cross-origin requests.
  • rest.WithCustomCors(middlewareFn func(header http.Header), notAllowedFn func(http.ResponseWriter), origin ...string)
    • Configures complex CORS requirements.

How to Customize CORS Headers?

You can add allowed headers for cross-origin requests using go-zero's rest.WithCorsHeaders(headers ...string).

Example code:

package main

import (
"fmt"
"net/http"

"github.com/zeromicro/go-zero/core/conf"
"github.com/zeromicro/go-zero/core/logx"
"github.com/zeromicro/go-zero/rest"
"github.com/zeromicro/go-zero/rest/httpx"
)

func main() {
var c rest.RestConf
conf.MustLoad("config.yaml", &c)

server := rest.MustNewServer(c, rest.WithCorsHeaders("UserHeader1", "UserHeader2"))
defer server.Stop()

server.AddRoutes(
[]rest.Route{
{
Method: http.MethodPost,
Path: "/test",
Handler: func(w http.ResponseWriter, r *http.Request) {
logx.Info("Request received")
httpx.OkJsonCtx(r.Context(), w, "1")
},
},
},
)

fmt.Printf("Starting server at %s:%d...\n", c.Host, c.Port)
server.Start()
}

go-zero version: >= v1.7.1

How to Customize CORS Domains?

You can set allowed origins for cross-origin requests using go-zero’s rest.WithCors(origins ...string).

Example code:

package main

import (
"fmt"
"net/http"

"github.com/zeromicro/go-zero/core/conf"
"github.com/zeromicro/go-zero/core/logx"
"github.com/zeromicro/go-zero/rest"
"github.com/zeromicro/go-zero/rest/httpx"
)

func main() {
var c rest.RestConf
conf.MustLoad("config.yaml", &c)

// Set allowed origins for cross-origin requests
server := rest.MustNewServer(c, rest.WithCors("example.com"))
defer server.Stop()

server.AddRoutes(
[]rest.Route{
{
Method: http.MethodPost,
Path: "/test",
Handler: func(w http.ResponseWriter, r *http.Request) {
logx.Info("Request received")
httpx.OkJsonCtx(r.Context(), w, "1")
},
},
},
)

fmt.Printf("Starting server at %s:%d...\n", c.Host, c.Port)
server.Start()
}

How to Customize Complex CORS Settings?

You can configure complex CORS behavior using go-zero’s rest.WithCustomCors.

Example code:

package main

import (
"fmt"
"net/http"

"github.com/zeromicro/go-zero/core/conf"
"github.com/zeromicro/go-zero/core/logx"
"github.com/zeromicro/go-zero/rest"
"github.com/zeromicro/go-zero/rest/httpx"
)

func main() {
var c rest.RestConf
conf.MustLoad("config.yaml", &c)

server := rest.MustNewServer(c, rest.WithCustomCors(func(header http.Header) {
header.Set("Access-Control-Allow-Origin", "*")
header.Add("Access-Control-Allow-Headers", "UserHeader1, UserHeader2")
header.Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS, PATCH")
header.Set("Access-Control-Expose-Headers", "Content-Length, Content-Type")
}, nil, "*"))
defer server.Stop()

server.AddRoutes(
[]rest.Route{
{
Method: http.MethodPost,
Path: "/test",
Handler: func(w http.ResponseWriter, r *http.Request) {
logx.Info("Request received")
httpx.OkJsonCtx(r.Context(), w, "1")
},
},
},
)

fmt.Printf("Starting server at %s:%d...\n", c.Host, c.Port)
server.Start()
}