CORS stands for Cross Origin Resource Sharing and it’s a very handy way to make an API accessible by JavaScript in-browser client-side code.

If you are looking for a simple, quick way to enable CORS in localhost, or to open your API to anyone in the world, use:

func handler(w http.ResponseWriter, req *http.Request) {
    // ...
    // ...

func enableCors(w *http.ResponseWriter) {
	(*w).Header().Set("Access-Control-Allow-Origin", "*")

This does not provide any kind of control or fine tuning, and it’s intended for testing purposes only. Take a look at for a more advanced setup.

Handling pre-flight OPTIONS requests

CORS does pre-flight requests sending an OPTIONS request to any URL, so to handle a POST request you first need to handle an OPTIONS request to that same URL.

On GET endpoints this is not an issue, but it is for POST and PUT and DELETE requests.


func setupResponse(w *http.ResponseWriter, req *http.Request) {
	(*w).Header().Set("Access-Control-Allow-Origin", "*")
    (*w).Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
    (*w).Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")

func indexHandler(w http.ResponseWriter, req *http.Request) {
	setupResponse(&w, req)
	if (*req).Method == "OPTIONS" {

    // process the request...

Again, this is intended for private use CORS only. Public use needs to be restricted.

Did you know?

I have 7 premium training programs that will transform you, quickly, into an excellent Node/React/JS/Vue/Next.js/Svelte developer. Choose your own adventure. Practical lessons to learn the 80% of the things that you need to know, in 20% of the time!

⬇️ ⬇️ ⬇️

Check out all my courses now!

⬆️ ⬆️ ⬆️