CORS

CORS middleware implements CORS specification.
CORS gives web servers cross-domain access controls, which enable secure cross-domain
data transfers.

Usage

e.Use(middleware.CORS())

Custom Configuration

Usage

  1. e := echo.New()
  2. e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
  3. AllowOrigins: []string{"https://labstack.com", "https://labstack.net"},
  4. AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept},
  5. }))

Configuration

  1. CORSConfig struct {
  2. // Skipper defines a function to skip middleware.
  3. Skipper Skipper
  4. // AllowOrigin defines a list of origins that may access the resource.
  5. // Optional. Default value []string{"*"}.
  6. AllowOrigins []string `json:"allow_origins"`
  7. // AllowMethods defines a list methods allowed when accessing the resource.
  8. // This is used in response to a preflight request.
  9. // Optional. Default value DefaultCORSConfig.AllowMethods.
  10. AllowMethods []string `json:"allow_methods"`
  11. // AllowHeaders defines a list of request headers that can be used when
  12. // making the actual request. This in response to a preflight request.
  13. // Optional. Default value []string{}.
  14. AllowHeaders []string `json:"allow_headers"`
  15. // AllowCredentials indicates whether or not the response to the request
  16. // can be exposed when the credentials flag is true. When used as part of
  17. // a response to a preflight request, this indicates whether or not the
  18. // actual request can be made using credentials.
  19. // Optional. Default value false.
  20. AllowCredentials bool `json:"allow_credentials"`
  21. // ExposeHeaders defines a whitelist headers that clients are allowed to
  22. // access.
  23. // Optional. Default value []string{}.
  24. ExposeHeaders []string `json:"expose_headers"`
  25. // MaxAge indicates how long (in seconds) the results of a preflight request
  26. // can be cached.
  27. // Optional. Default value 0.
  28. MaxAge int `json:"max_age"`
  29. }

Default Configuration

  1. DefaultCORSConfig = CORSConfig{
  2. Skipper: DefaultSkipper,
  3. AllowOrigins: []string{"*"},
  4. AllowMethods: []string{echo.GET, echo.HEAD, echo.PUT, echo.PATCH, echo.POST, echo.DELETE},
  5. }