fiber: Can't able to set request header to Access-Control-Allow-OriginšŸ¤—

Question description Guys I am a big fan of your work, I was just making an api to work with my react app. But Access-Control-Allow-Origin cors issue is coming up. I checked AllowOrigins was set to * in default, I manually tried it too. Then I tried to add to AllowHeaders but nothing seem to work. I read upon the Config struct and it seem to set it when its either ā€œ*ā€ or a specific domain but in my case none works. I am doing something wrong?

Code snippet Optional

	app.Use(cors.New(cors.Config{
		AllowCredentials: true,
		AllowOrigins:     "https://gradbook-cet.netlify.com",
		AllowHeaders:     "Origin, Content-Type, Accept, Accept-Language, Content-Length",
	}))

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 24 (9 by maintainers)

Most upvoted comments

@jub0bs Thank you so much for the information, i didnā€™t knew that before

+1
yacinebenkaidali on May 16, 2023

@yacinebenkaidali

Either you want to allow only anonymous requests from any Web origin, in which case you can use Access-Control-Allow-Origin: *; or you want to allow credentialed requests only from Web origins in an allowlist.

But you should never unconditionally reflect the value of the Origin request header in the Access-Control-Allow-Origin response header, especially if you also allow credentials. Doing so is very insecure!

+1
jub0bs on May 16, 2023

maybe more headers are sent than you(@sidmohanty11 ) allow

you should try it from my point of view, first with the default config, here everything is allowed

app.Use(cors.New())
+1
ReneWerner87 on Aug 2, 2021
Read more comments on GitHub
← fiber: šŸ› template/html: Cannot Clone "layouts/main" after it has executed
fiber: Problem with Route path →