fiber: Can't able to set request header to Access-Control-Allow-Originš¤
Question description Guys I am a big fan of your work, I was just making an api to work with my react app. But Access-Control-Allow-Origin cors issue is coming up. I checked AllowOrigins was set to * in default, I manually tried it too. Then I tried to add to AllowHeaders but nothing seem to work. I read upon the Config struct and it seem to set it when its either ā*ā or a specific domain but in my case none works. I am doing something wrong?
Code snippet Optional
app.Use(cors.New(cors.Config{
AllowCredentials: true,
AllowOrigins: "https://gradbook-cet.netlify.com",
AllowHeaders: "Origin, Content-Type, Accept, Accept-Language, Content-Length",
}))
About this issue
- Original URL
- State: closed
- Created 3 years ago
- Comments: 24 (9 by maintainers)
@jub0bs Thank you so much for the information, i didnāt knew that before
@yacinebenkaidali
Either you want to allow only anonymous requests from any Web origin, in which case you can use
Access-Control-Allow-Origin: *
; or you want to allow credentialed requests only from Web origins in an allowlist.But you should never unconditionally reflect the value of the
Origin
request header in theAccess-Control-Allow-Origin
response header, especially if you also allow credentials. Doing so is very insecure!maybe more headers are sent than you(@sidmohanty11 ) allow
you should try it from my point of view, first with the default config, here everything is allowed