Enabling CORS on a Go Web Server

CORS stands for Cross Origin Resource Sharing and it’s a very handy way to make an API accessible by JavaScript in-browser client-side code.

If you are looking for a simple, quick way to enable CORS in localhost, or to open your API to anyone in the world, use:

func handler(w http.ResponseWriter, req *http.Request) {
    // ...
	enableCors(&w)
    // ...
}

func enableCors(w *http.ResponseWriter) {
	(*w).Header().Set("Access-Control-Allow-Origin", "*")
}

This does not provide any kind of control or fine tuning, and it’s intended for testing purposes only. Take a look at https://github.com/rs/cors for a more advanced setup.

Handling pre-flight OPTIONS requests

CORS does pre-flight requests sending an OPTIONS request to any URL, so to handle a POST request you first need to handle an OPTIONS request to that same URL.

On GET endpoints this is not an issue, but it is for POST and PUT and DELETE requests.

How?

func setupResponse(w *http.ResponseWriter, req *http.Request) {
	(*w).Header().Set("Access-Control-Allow-Origin", "*")
    (*w).Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
    (*w).Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
}

func indexHandler(w http.ResponseWriter, req *http.Request) {
	setupResponse(&w, req)
	if (*req).Method == "OPTIONS" {
		return
	}

    // process the request...
}

Again, this is intended for private use CORS only. Public use needs to be restricted.

Want to hire me?

I'm currently considering remote job/contract opportunities as a Frontend Developer.

Read more about me and if you're interested, get in touch.

Did you like this post?
I write a quality programming tutorial almost every day.
Get a monthly email with the top posts in your inbox.
No spam or upselling.