urgensherpa

Implementing CORS with go-chi

All web browsers implement a security model known as the Same-Origin Policy (SOP). It restricts domains from accessing and retrieving data from other domains' resources; this helps protect users from malicious scripts that could access their sensitive data or perform unauthorized actions on their behalf. This led to the creation of Cross-Origin Resource Sharing (CORS), an HTTP-header-based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.

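```go
// Requires: import "github.com/go-chi/cors"
corsHandler := cors.Handler(cors.Options{
	// Only this origin may read responses from browser scripts.
	AllowedOrigins: []string{"https://site1.com"},
	AllowedMethods: []string{"GET", "POST", "PUT", "DELETE", "OPTIONS"},
	// Request headers the browser may send. Access-Control-Allow-Origin is a
	// response header, so listing it here is not required.
	AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token", "Access-Control-Allow-Origin"},
	ExposedHeaders:   []string{"Link"},
	AllowCredentials: false, // do not allow credentialed (cookie / HTTP auth) cross-origin requests
	MaxAge:           300,   // Maximum value not ignored by any of the major browsers
})
```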

The AllowedOrigins field in the corsHandler configuration in main.go specifies which origins are allowed to access the server's resources. In this case, only requests from https://site1.com are allowed.

This is a security measure known as Cross-Origin Resource Sharing (CORS). It prevents web pages from making requests to a different domain than the one the web page came from, unless the server specifies that it allows such requests.

If a request comes from an origin not listed in AllowedOrigins, the server will respond with a CORS error and the browser will block the request. This helps protect your server from potentially malicious requests from unknown origins.
