CORS Middleware

CORS middleware implements CORS specification.CORS gives web servers cross-domain access controls, which enable secure cross-domaindata transfers.

Usage

e.Use(middleware.CORS())

Custom Configuration

Usage

  1. e := echo.New()
  2. e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
  3.   AllowOrigins: []string{"https://labstack.com", "https://labstack.net"},
  4.   AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept},
  5. }))

Configuration

  1. CORSConfig struct {
  2.   // Skipper defines a function to skip middleware.
  3.   Skipper Skipper
  5.   // AllowOrigin defines a list of origins that may access the resource.
  6.   // Optional. Default value []string{"*"}.
  7.   AllowOrigins []string `json:"allow_origins"`
  9.   // AllowMethods defines a list methods allowed when accessing the resource.
  10.   // This is used in response to a preflight request.
  11.   // Optional. Default value DefaultCORSConfig.AllowMethods.
  12.   AllowMethods []string `json:"allow_methods"`
  14.   // AllowHeaders defines a list of request headers that can be used when
  15.   // making the actual request. This in response to a preflight request.
  16.   // Optional. Default value []string{}.
  17.   AllowHeaders []string `json:"allow_headers"`
  19.   // AllowCredentials indicates whether or not the response to the request
  20.   // can be exposed when the credentials flag is true. When used as part of
  21.   // a response to a preflight request, this indicates whether or not the
  22.   // actual request can be made using credentials.
  23.   // Optional. Default value false.
  24.   AllowCredentials bool `json:"allow_credentials"`
  26.   // ExposeHeaders defines a whitelist headers that clients are allowed to
  27.   // access.
  28.   // Optional. Default value []string{}.
  29.   ExposeHeaders []string `json:"expose_headers"`
  31.   // MaxAge indicates how long (in seconds) the results of a preflight request
  32.   // can be cached.
  33.   // Optional. Default value 0.
  34.   MaxAge int `json:"max_age"`
  35. }

Default Configuration

  1. DefaultCORSConfig = CORSConfig{
  2.   Skipper:      DefaultSkipper,
  3.   AllowOrigins: []string{"*"},
  4.   AllowMethods: []string{http.MethodGet, http.MethodHead, http.MethodPut, http.MethodPatch, http.MethodPost, http.MethodDelete},
  5. }