fiber: 🤗 [Question]: CORS problems
Question Description
Hello, I’m getting Access to XMLHttRequest at ‘http://localhost:8080/api/v1/auth/login’ from origin ‘http://localhost:3000’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Im using Fiber v2.42.0
However, I’m not getting this cors error when I switch to Echo framework. I see this is common in fiber but there isnt a clear answer to this cors issue in fiber and i tried using multiple cors configuration including the default in fiber made by others said to be working but it didnt for me. With Echo it hasnt been a problem at all:
e.Use(middleware.CORSWithConfig(middleware.CORSConfig{
AllowOrigins: []string{"http://localhost:3000"},
AllowHeaders: []string{echo.HeaderOrigin, echo.HeaderContentType, echo.HeaderAccept},
AllowMethods: []string{http.MethodGet, http.MethodPut, http.MethodPost, http.MethodDelete, http.MethodOptions, http.MethodPatch},
AllowCredentials: true,
}))
I really appreciate the help. I don’t want to switch to Echo simply because of a cors issue in fiber. I like fiber very much. Thanks.
Code Snippet (optional)
app.Use(cors.New(cors.Config{
AllowOrigins: "http://localhost:3000",
AllowHeaders: "Accept, Origin, Content-Type",
AllowMethods: "GET,POST,HEAD,PUT,DELETE,PATCH,OPTIONS",
AllowCredentials: true,
}))
Checklist:
- I agree to follow Fiber’s Code of Conduct.
- I have checked for existing issues that describe my questions prior to opening this one.
- I understand that improperly formatted questions may be closed without explanation.
About this issue
- Original URL
- State: closed
- Created a year ago
- Comments: 15 (8 by maintainers)
@ReneWerner87 Thank you Rene. It was fully my fault caused by my silly mistake. When testing out two fiber instances I forgot to remove it the second one. I used the first instance(app := fiber.New()) while used the second instance(appp := fiber.New()) run the server. This was before implementing a frontend and when I tested out the login with Insomnia & Postman everything worked fine so I guess I didn’t remove the second instance, I left it as is… I didn’t think it would be a problem… I didn’t know that tools like Postman didn’t enforce the CORS policy unlike browsers, I just found that out now. When I implemented the frontend login and that’s when I started getting CORS error.