Golang gorilla/handlers CORS issue

YashSoniBon · May 27, 2020, 9:04pm

I have following CORS configuration

headersOk := handlers.AllowedHeaders([]string{“Authorization”, “Content-Type”, “Origin”, “Accept”, “Accept-Language”, “Accept-Encoding”, “Cache-Control”, “Content-Length”, “X-Requested-With”})

originsOk := handlers.AllowedOrigins([]string{“http://localhost:8080”, “http://localhost:5000”})

methodsOk := handlers.AllowedMethods([]string{“GET”, “HEAD”, “POST”, “PUT”, “OPTIONS”})

log.Fatal(http.ListenAndServe(":"+port, handlers.CORS(handlers.AllowCredentials(), originsOk, headersOk, methodsOk)(router)))

For the above CORS config, Content-Type:application/json works fine from Javascript XMLHttpRequest but when when the request is Content-Type:multipart/form-data; boundary=someboundary then it throws below error -

Access to XMLHttpRequest at ‘https://example.com/profile/edit’ from origin ‘http://localhost:5000’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Please help why multipart/form-data request throws CORS blocker

eudore · May 28, 2020, 2:13am

The domain name allowed by your CORS does not have example.com.

There is a simple request judgment in CORS. If a simple request does not require CORS, CORS judgment will be used.

The simple request requires that the request method is one of HEAD, GET, and POST. The request headers are only Accept, Accept-Language, Content-Language, Last-Event-ID, Content-Type, no additional header, and the value of Content-Type is application/x-www-form-urlencoded, multipart/form-data, text/plain one of three.

For more information, please google

system · August 26, 2020, 2:13am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.