In my case REST endpoint has a separate namespace defined with the router.Group like so:
rootRouter := routing.New()
rootRouter.Use(
slash.Remover(http.StatusMovedPermanently)
)
apiGroup := rootRouter.Group("/api")
apiGroup.Use(
errorHandler,
content.TypeNegotiator(content.JSON),
cors.Handler(cors.AllowAll) // ok for GET but not working for POST (!)
)
in this case header "Access-Control-Allow-Methods: POST" does not emitted when browser sends preflight request. This causes typical cors error in browser console (added for the search engines):
Access to XMLHttpRequest at 'http://localhost:7070/api/devices/10012db92b' from origin 'http://localhost:5173' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
So the solution is moving cors.Handler to the upper rootRouter.Use:
rootRouter := routing.New()
rootRouter.Use(
slash.Remover(http.StatusMovedPermanently),
cors.Handler(cors.AllowAll) // now works for both GET and POST
)
// ...
P.S.
emitted headers could be checked with following curl command:
In my case REST endpoint has a separate namespace defined with the router.Group like so:
in this case header "Access-Control-Allow-Methods: POST" does not emitted when browser sends preflight request. This causes typical cors error in browser console (added for the search engines):
So the solution is moving cors.Handler to the upper rootRouter.Use:
P.S. emitted headers could be checked with following curl command: