Enable CORS in Golang

by

I use gorilla/mux package to build Go RESTful API server, and client use JavaScript Request can work,

My Go Server runs at localhost:9091, and the Server code:

router := mux.NewRouter()
//api route is /people, 
//Methods("GET", "OPTIONS") means it support GET, OPTIONS
router.HandleFunc("/people", GetPeopleAPI).Methods("GET", "OPTIONS")
log.Fatal(http.ListenAndServe(":9091", router))

I find giving OPTIONS here is important, otherwise error will occur:

OPTIONS http://localhost:9091/people 405 (Method Not Allowed)

Failed to load http://localhost:9091/people: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:9092‘ is therefore not allowed access. The response had HTTP status code 405.

after allow OPTIONS it works great. I get the idea from This Article.

Besides, MDN CORS doc mention:

Additionally, for HTTP request methods that can cause side-effects on server’s data, the specification mandates that browsers “preflight” the request, soliciting supported methods from the server with an HTTP OPTIONS request method, and then, upon “approval” from the server, sending the actual request with the actual HTTP request method.

Following is the api GetPeopleAPI method, note in the method I give comment //Allow CORS here By * or specific origin, I have another similar answer explaining the concept of CORS Here:

func GetPeopleAPI(w http.ResponseWriter, r *http.Request) {

    //Allow CORS here By * or specific origin
    w.Header().Set("Access-Control-Allow-Origin", "*")

    w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
    // return "OKOK"
    json.NewEncoder(w).Encode("OKOK")
}

In the client, I use html with javascript on localhost:9092, and javascript will send request to server from localhost:9092

function GetPeople() {
    try {
        var xhttp = new XMLHttpRequest();
        xhttp.open("GET", "http://localhost:9091/people", false);
        xhttp.setRequestHeader("Content-type", "text/html");
        xhttp.send();
        var response = JSON.parse(xhttp.response);
        alert(xhttp.response);
    } catch (error) {
        alert(error.message);
    }
}

and the request can successfully get response "OKOK" .

You can also check response/request header information by tools like Fiddler .

More Related Contents:

  1. Same origin Policy and CORS (Cross-origin resource sharing)
  2. Cross-Domain AJAX doesn’t send X-Requested-With header
  3. Cross-Origin Request Blocked
  4. Origin is not allowed by Access-Control-Allow-Origin
  5. CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true
  6. What is the motivation behind the introduction of preflight CORS requests?
  7. What security risks exist when setting Access-Control-Allow-Origin to accept all domains?
  8. CORS error on same domain?
  9. CORS issue while making an Ajax request for oauth2 access token
  10. Understanding AJAX CORS and security considerations
  11. API Gateway CORS: no ‘Access-Control-Allow-Origin’ header
  12. How to enable cross-domain request on the server?
  13. Is CORS a secure way to do cross-domain AJAX requests?
  14. Access denied in IE 10 and 11 when ajax target is localhost
  15. Cross-Domain Requests with jQuery
  16. No ‘Access-Control-Allow-Origin’ header is present on the requested resource- AngularJS
  17. $http.get is not allowed by Access-Control-Allow-Origin but $.ajax is
  18. ‘No Transport’ Error w/ jQuery ajax call in IE
  19. Set-Cookie on Browser with Ajax Request via CORS
  20. Are different ports on the same server considered cross-domain? (Ajax-wise)
  21. Ajax Cross Domain Calls
  22. Ajax call bug with Chrome new version 73.0.3683.75?
  23. Web sockets make ajax/CORS obsolete?
  24. Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
  25. ASP.NET MVC Ajax.ActionLink with Image
  26. Form submit in conditionally rendered component is not processed
  27. How to get selenium to wait for ajax response?
  28. How to decrease request payload of p:ajax during e.g. p:dataTable pagination
  29. Using the HTTP Range Header with a range specifier other than bytes?
  30. jQuery AJAX call results in error status 403

Leave a Comment