search

gin-contrib / cors

Official CORS gin's middleware
https://gin-gonic.github.io/gin/
MIT License
1.77k stars 181 forks source link

Problem with AllowAllOrigins #14

Closed fshamshirdar closed 7 years ago

fshamshirdar commented 7 years ago

Following code is my configuration for enabling CORS needed for cookie-based authentication:

     r.Use(cors.New(cors.Config{
                AllowAllOrigins:  true,
                AllowMethods:     []string{"GET", "POST", "PUT", "HEAD"},
                AllowHeaders:     []string{"Origin", "Content-Length", "Content-Type"},
                AllowCredentials: true,
                MaxAge: 12 * time.Hour,
        }))

Http client has headers for Content-Type: application/json and withCredentials: true But it only sends OPTIONS request and then throws this error { _body: error, status: 0, ok: false, statusText: "", headers: Object, type: 3, url: null }

I tried different configurations for CORS and found following configuration which works well:

     r.Use(cors.New(cors.Config{
                AllowOrigins:     []string{"http://localhost:3000"},
                AllowMethods:     []string{"GET", "POST", "PUT", "HEAD"},
                AllowHeaders:     []string{"Origin", "Content-Length", "Content-Type"},
                AllowCredentials: true,
                MaxAge: 12 * time.Hour,
        }))

But I need to allow all origins. What is the problem with enabling both AllowAllOrigins and AllowCredentials together?

Thanks

appleboy commented 7 years ago

@fshamshirdar Please help to test #16

appleboy commented 7 years ago

@fshamshirdar Please update to latest version.

fshamshirdar commented 7 years ago

Thanks 👍