Enabling CORS on a Go Web Server

CORS stands for Cross Origin Resource Sharing and it’s a very handy way to make an API accessible by JavaScript in-browser client-side code.

If you are looking for a simple, quick way to enable CORS in localhost, or to open your API to anyone in the world, use:

func handler(w http.ResponseWriter, req *http.Request) {
    // ...
	enableCors(&w)
    // ...
}

func enableCors(w *http.ResponseWriter) {
	(*w).Header().Set("Access-Control-Allow-Origin", "*")
}

This does not provide any kind of control or fine tuning, and it’s intended for testing purposes only. Take a look at https://github.com/rs/cors for a more advanced setup.

Handling pre-flight OPTIONS requests

CORS does pre-flight requests sending an OPTIONS request to any URL, so to handle a POST request you first need to handle an OPTIONS request to that same URL.

On GET endpoints this is not an issue, but it is for POST and PUT and DELETE requests.

How?

func setupResponse(w *http.ResponseWriter, req *http.Request) {
	(*w).Header().Set("Access-Control-Allow-Origin", "*")
    (*w).Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
    (*w).Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization")
}

func indexHandler(w http.ResponseWriter, req *http.Request) {
	setupResponse(&w, req)
	if (*req).Method == "OPTIONS" {
		return
	}

    // process the request...
}

Again, this is intended for private use CORS only. Public use needs to be restricted.

More go tutorials:

• Using NGINX Reverse Proxy to serve Go services
• Making a copy of a struct in Go
• The basics of a Go Web Server
• Sorting a map type in Go
• Go pointers in a nutshell
• Go Tags explained
• Go Date and Time Formatting
• JSON processing with Go
• Go Variadic Functions
• Go Strings Cheat Sheet
• The Go Empty Interface Explained
• Debugging Go with VS Code and Delve
• Named Go returns parameters
• Generating random numbers and strings in Go
• Filesystem Structure of a Go project
• Binary Search Algorithm Implemented in Go
• Using Command Line Flags in Go
• GOPATH Explained
• Build a Command Line app with Go: lolcat
• Building a CLI command with Go: cowsay
• Using Shell Pipes with Go
• Go CLI tutorial: fortune clone
• List the files in a folder with Go
• Use Go to get a list of repositories from GitHub
• Go, append a slice of strings to a file
• Go, convert a string to a bytes slice
• Visualize your local Git contributions with Go
• Getting started with Go CPU and memory profiling
• Solving the "does not support indexing" error in a Go program
• Measuring execution time in a Go program
• Building a Web Crawler with Go to detect duplicate titles
• Go Best Practices: Pointer or value receivers?
• Go Best Practices: Should you use a method or a function?
• Go Data Structures: Set
• Go Maps Cheat Sheet
• Generate implementations for generic types in Go
• Go Data Structures: Dictionary
• Go Data Structures: Hash Table
• Implement Events Listeners in Go through Channels
• Go Data Structures: Stack
• Go Data Structures: Queue
• Go Data Structures: Binary Search Tree
• Go Data Structures: Graph
• Go Data Structures: Linked List
• The complete guide to Go Data Structures
• Comparing Go Values
• Is Go object oriented?
• Working with a SQL Database in Go
• Using environment variables in Go
• Go tutorial: REST API backed by PostgreSQL
• Enabling CORS on a Go Web Server
• Deploying a Go Application in a Docker Container
• Why Go is a powerful language to learn as a PHP developer
• Go, remove the io.Reader.ReadString newline char
• Go, how to watch changes and rebuild your program
• Go, count the months since a date
• Accessing HTTP POST parameters in Go