Handling CORS
This section is only applicable to web browser based apps when the website domain is different to the API domain. Differences can be in hostname or in the port number.
Call the SetRelevantHeadersForOptionsAPI function: API Reference
net/http:
    supertokens.SetRelevantHeadersForOptionsAPI(w http.ResponseWriter);
gin:
    supertokens.SetRelevantHeadersForOptionsAPI(c *gin.Context);
- This is to be called in your OPTIONS API
- Adds the following headers to the response:
  - Access-Control-Allow-Headers: "anti-csrf"
  - Access-Control-Allow-Headers: "supertokens-sdk-name"
  - Access-Control-Allow-Headers: "supertokens-sdk-version"
  - Access-Control-Allow-Credentials: true
You'll also need to add the Access-Control-Allow-Credentials header with value true and the Access-Control-Allow-Origin header set to your supported origins for all the routes in which you will be using SuperTokens.
Example
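net/http:
    import (
        "net/http"

        "github.com/supertokens/supertokens-go/supertokens"
    )

    http.HandleFunc("/like-comment", supertokens.Middleware(func(w http.ResponseWriter, r *http.Request) {
        if r.Method == "OPTIONS" {
            // Preflight response. The value must be a full origin (scheme
            // included), or the browser will not match it against the page's origin.
            w.Header().Set("Access-Control-Allow-Origin", "https://some-origin.com")
            w.Header().Set("Access-Control-Allow-Methods", "POST")
            // Adds the SuperTokens Access-Control-Allow-Headers entries and
            // Access-Control-Allow-Credentials: true
            supertokens.SetRelevantHeadersForOptionsAPI(w)
            w.Write([]byte(""))
        } else {
            // ...API logic
            // The actual response needs the CORS headers as well.
            w.Header().Set("Access-Control-Allow-Origin", "https://some-origin.com")
            w.Header().Set("Access-Control-Allow-Credentials", "true")
            w.Write([]byte("success"))
        }
    }))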
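gin:
    import (
        "github.com/gin-gonic/gin"

        "github.com/supertokens/supertokens-go/gin/supertokens"
    )

    r := gin.Default()

    // Preflight route. The value must be a full origin (scheme included),
    // or the browser will not match it against the page's origin.
    r.OPTIONS("/like-comment", func(c *gin.Context) {
        c.Writer.Header().Set("Access-Control-Allow-Origin", "https://some-origin.com")
        c.Writer.Header().Set("Access-Control-Allow-Methods", "POST")
        // Adds the SuperTokens Access-Control-Allow-Headers entries and
        // Access-Control-Allow-Credentials: true
        supertokens.SetRelevantHeadersForOptionsAPI(c)
        c.Writer.Write([]byte(""))
    })
    r.POST("/like-comment", supertokens.Middleware(), func(c *gin.Context) {
        // ...API logic
        // The actual response needs the CORS headers as well.
        c.Writer.Header().Set("Access-Control-Allow-Origin", "https://some-origin.com")
        c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
        c.Writer.Write([]byte("success"))
    })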
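
The examples above hard-code a single origin. When there are several supported origins, the Access-Control-Allow-Origin value has to be chosen per request; the following is an added example (not part of the SuperTokens docs or SDK) of doing that with net/http and an exact-match allowlist. withCORS, allowedOrigins and sessionOptionsHeaders are hypothetical names, the origins are constructed, and sessionOptionsHeaders stands in for supertokens.SetRelevantHeadersForOptionsAPI so the file builds without the SDK.

```go
package main

import (
	"log"
	"net/http"
)

// Constructed allowlist of full origins (scheme://host[:port]), matched exactly.
var allowedOrigins = map[string]bool{
	"https://some-origin.com":     true,
	"https://app.some-origin.com": true,
}

// sessionOptionsHeaders stands in for supertokens.SetRelevantHeadersForOptionsAPI
// (assumption: it sets the headers the page lists for that call).
func sessionOptionsHeaders(w http.ResponseWriter) {
	w.Header().Set("Access-Control-Allow-Headers", "anti-csrf, supertokens-sdk-name, supertokens-sdk-version")
	w.Header().Set("Access-Control-Allow-Credentials", "true")
}

// withCORS (hypothetical helper) emits CORS headers only for allowlisted
// origins and answers preflight requests itself.
func withCORS(methods string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Add("Vary", "Origin") // response depends on Origin, so caches must key on it
		origin := r.Header.Get("Origin")
		allowed := allowedOrigins[origin]
		if allowed {
			// Echo the exact origin: browsers reject "*" on credentialed requests.
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Set("Access-Control-Allow-Credentials", "true")
		}
		if r.Method != http.MethodOptions {
			next.ServeHTTP(w, r)
			return
		}
		if allowed {
			w.Header().Set("Access-Control-Allow-Methods", methods)
			sessionOptionsHeaders(w)
		}
		w.WriteHeader(http.StatusNoContent)
	})
}

func main() {
	api := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Write([]byte("success")) })
	http.Handle("/like-comment", withCORS("POST", api)) // wrap api in supertokens.Middleware in a real app
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

Matching the Origin header with a prefix, suffix or substring test instead of exact lookup would let look-alike hosts through, which matters here because the response is credentialed.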