Missing Access-Control-Allow-Origin in response header.

Open nickhsine opened this issue 8 years ago • 37 comments

I use version @1.2.0, and the response lacks the Access-Control-Allow-Origin header.

However, if I upgrade to the latest commit, the problem will be solved. I am wondering when @1.3.0 will be released?

nickhsine avatar Aug 09 '17 02:08 nickhsine

I have the same problem: the response lacks the Access-Control-Allow-Origin header and CORS does not work.

Can you tell me how to get the cors version and how to update it?

dangyanglim avatar Mar 20 '18 01:03 dangyanglim

It still does not work.

dangyanglim avatar Mar 20 '18 02:03 dangyanglim

It works when I put

router := gin.Default()
router.Use(cors.Default())

together, not split.

dangyanglim avatar Mar 20 '18 02:03 dangyanglim

@dangyanglim I use glide to control code dependencies. The following is how I set the pkg version in my glide.yaml:

- package: github.com/gin-contrib/cors
  version: 567de191692713543513692ecba9f6ca08cd660a

567de191692713543513692ecba9f6ca08cd660a is the latest commit, and it works fine.

nickhsine avatar Mar 20 '18 09:03 nickhsine

Hi,

It seems I have the same issue. I'm working with dep.

I tried using the last commit and also the v1.2 tag.

It's working when using the example above :

router := gin.Default()
router.Use(cors.Default())
router.Run()

But then, I need to add an Authorization header. So the code is:

config := cors.DefaultConfig()
config.AllowAllOrigins = true
config.AllowCredentials = true
config.AddAllowHeaders("authorization")
router.Use(cors.New(config))
router.Run()

This is where I get the error from JavaScript : No 'Access-Control-Allow-Origin' header is present on the requested resource

Any idea?

seblegall avatar May 22 '18 13:05 seblegall

@seblegall You may need to assign a newer commit when you install this package. I am installing this commit.

nickhsine avatar May 22 '18 13:05 nickhsine

Still not working...

seblegall avatar May 22 '18 15:05 seblegall

For your reference, here is what I have coded

And I am using this commit 567de191692713543513692ecba9f6ca08cd660a

nickhsine avatar May 22 '18 15:05 nickhsine

Try this

router.Use(cors.New(cors.Config{
		AllowMethods:     []string{"GET", "POST", "OPTIONS", "PUT"},
		AllowHeaders:     []string{"Origin", "Content-Length", "Content-Type", "User-Agent", "Referrer", "Host", "Token"},
		ExposeHeaders:    []string{"Content-Length"},
		AllowCredentials: true,
		AllowAllOrigins:  false,
		AllowOriginFunc:  func(origin string) bool { return true },
		MaxAge:           86400,
	}))

wangshao1 avatar Jun 03 '18 21:06 wangshao1

I think that I may be experiencing this same issue: Access-Control-Allow-Origin is missing from all GET requests when using cors.DefaultConfig().

BenKnigge avatar Jun 13 '18 19:06 BenKnigge

I have met the same issue when I use router.Use(cors.Default()).

And I solved it by:

func CORS() gin.HandlerFunc {
	return func(c *gin.Context) {
		c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")

		if c.Request.Method == "OPTIONS" {
			c.AbortWithStatus(204)
			return
		}

		c.Next()
	}
}

Triple-Z avatar Jun 17 '18 07:06 Triple-Z

Had the same problem. Solved it by registering the middleware with router.Use(cors.Default()) BEFORE registering any routes

emoldtmann avatar Jul 10 '18 20:07 emoldtmann

Just like SilentFlyBy, I have solved mine by registering the middleware with router.Use(cors.Default()) BEFORE registering any routes.

annagat avatar Jan 04 '19 05:01 annagat

I looked at the code; it seems the applyCors function is missing c.Next(). Is that the problem?

Sherlock-Holo avatar Feb 19 '19 14:02 Sherlock-Holo

@Sherlock-Holo ran into the same issue and was looking for an answer for a while. Here is the answer. https://github.com/gin-gonic/gin/issues/287

trivigy avatar Jun 16 '19 01:06 trivigy

Nothing worked for me; in the end I had to configure nginx for CORS.

vivektiwary avatar Aug 05 '19 19:08 vivektiwary

Still not working...

@Triple-Z Thank you, it works well.

snowdream avatar Oct 28 '19 17:10 snowdream

Still not working. But @Triple-Z's method works

pluveto avatar Jan 18 '20 08:01 pluveto

Throwing my name into the hat.

I was experiencing the issue as I was providing gin with the cors middleware after I had defined my routes.

Hope that helps someone! ✌️

scottenock avatar Mar 15 '20 20:03 scottenock

I have met the same issue when I use router.Use(cors.Default()).

And I solved it by:

func CORS() gin.HandlerFunc {
	return func(c *gin.Context) {
		c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")

		if c.Request.Method == "OPTIONS" {
			c.AbortWithStatus(204)
			return
		}

		c.Next()
	}
}

Just wondering, where and how would this be applied? Surely not instead of using the cors package, right?

jeffpohlmeyer avatar Jun 12 '20 19:06 jeffpohlmeyer

I have met the same issue when I use router.Use(cors.Default()). And I solved it by:

func CORS() gin.HandlerFunc {
	return func(c *gin.Context) {
		c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")

		if c.Request.Method == "OPTIONS" {
			c.AbortWithStatus(204)
			return
		}

		c.Next()
	}
}

Just wondering, where and how would this be applied? Surely not instead of using the cors package, right?

try router.Use(CORS())

blue14753 avatar Jul 27 '20 09:07 blue14753

Hi,

It seems I have the same issue. I'm working with dep.

I tried using the last commit and also the v1.2 tag.

It's working when using the example above :

router := gin.Default()
router.Use(cors.Default())
router.Run()

But then, I need to add an Authorization header. So the code is:

config := cors.DefaultConfig()
config.AllowAllOrigins = true
config.AllowCredentials = true
config.AddAllowHeaders("authorization")
router.Use(cors.New(config))
router.Run()

This is where I get the error from JavaScript : No 'Access-Control-Allow-Origin' header is present on the requested resource

Any idea?

Thank you so much!

GoCoGit avatar Aug 23 '20 17:08 GoCoGit

go 1.15

require (
	github.com/gin-contrib/cors v1.3.1
	github.com/gin-gonic/gin v1.6.3
)

After 6 hours...

c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")

change to

c.Writer.Header().Set("Access-Control-Allow-Headers", "*")
c.Writer.Header().Set("Access-Control-Allow-Methods", "GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH")

It finally works. Hope this helps somebody.

mclxly avatar Sep 29 '20 12:09 mclxly

I have met the same issue when I use router.Use(cors.Default()).

And I solved it by:

func CORS() gin.HandlerFunc {
	return func(c *gin.Context) {
		c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")

		if c.Request.Method == "OPTIONS" {
			c.AbortWithStatus(204)
			return
		}

		c.Next()
	}
}

Using this solution instead of the whole lib, thank you!

SparK-Cruz avatar Feb 01 '21 04:02 SparK-Cruz

I have met the same issue when I use router.Use(cors.Default()). And I solved it by:

func CORS() gin.HandlerFunc {
	return func(c *gin.Context) {
		c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")

		if c.Request.Method == "OPTIONS" {
			c.AbortWithStatus(204)
			return
		}

		c.Next()
	}
}

Using this solution instead of the whole lib, thank you!

Conceptually, what does the if statement in this method check for?

Elliot-Baxus avatar Feb 08 '22 21:02 Elliot-Baxus

I have met the same issue when I use router.Use(cors.Default()). And I solved it by:

func CORS() gin.HandlerFunc {
	return func(c *gin.Context) {
		c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")

		if c.Request.Method == "OPTIONS" {
			c.AbortWithStatus(204)
			return
		}

		c.Next()
	}
}

Using this solution instead of the whole lib, thank you!

Conceptually, what does the if statement in this method check for?

Options is just used as a pre-flight check. We just want to OK it if it comes through

jayy-lmao avatar Feb 14 '22 02:02 jayy-lmao

This is still not fixed for me ... seeing lots of errors in Chrome.

michealroberts avatar Jul 03 '22 13:07 michealroberts

func CORS() gin.HandlerFunc {
	return func(c *gin.Context) {
		c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT, DELETE")
		if c.Request.Method == "OPTIONS" {
			c.IndentedJSON(204, "")
			return
		}

		c.Next()
	}
}

	router.Use(CORS())


I could only make it work by sending c.IndentedJSON(204, ""); the abortWithStatus will replace the headers you set previously.

CaiqueCastro07 avatar Jul 31 '22 02:07 CaiqueCastro07

I think your request header must contain the "Origin" field, otherwise, it will not set "Access-Control-Allow-Origin"="*" in the response header.

Cyberpunk314 avatar Aug 11 '22 11:08 Cyberpunk314
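
The hand-written middleware quoted throughout this thread sends `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a pair that browsers refuse for credentialed requests. The following added example (not code from the thread or from gin-contrib/cors) shows an allowlist variant that echoes only known origins and, as the last comment observes, emits no CORS headers when the request carries no Origin. It uses Go's standard net/http instead of gin so it runs without dependencies; the allowlisted origin and the `probe` helper are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed allowlist; replace with the origins of your own front ends.
var allowedOrigins = map[string]bool{"https://app.example.com": true}

// CORS echoes the request Origin only when it is allowlisted, because the
// wildcard "*" is not accepted by browsers on credentialed requests.
func CORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Add("Vary", "Origin") // the response depends on Origin, so caches must key on it
		origin := r.Header.Get("Origin")
		if !allowedOrigins[origin] { // also the case for a request with no Origin header
			next.ServeHTTP(w, r) // no CORS headers: the browser blocks the cross-origin read
			return
		}
		h.Set("Access-Control-Allow-Origin", origin)
		h.Set("Access-Control-Allow-Credentials", "true")
		// A preflight is an OPTIONS request carrying Access-Control-Request-Method.
		if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
			h.Set("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE")
			h.Set("Access-Control-Allow-Headers", "Authorization, Content-Type")
			w.WriteHeader(http.StatusNoContent) // answered here; the route handler never runs
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request through CORS and returns the status and Allow-Origin value.
func probe(method string, hdr map[string]string) (int, string) {
	req := httptest.NewRequest(method, "/api", nil)
	for k, v := range hdr {
		req.Header.Set(k, v)
	}
	rec := httptest.NewRecorder()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(200) })
	CORS(ok).ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Access-Control-Allow-Origin")
}

func main() {
	fmt.Println(probe("GET", map[string]string{"Origin": "https://app.example.com"}))
}
```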