connectrpc.com/cors simplifies Cross-Origin Resource Sharing (CORS) for
Connect servers. CORS is usually
required for the Connect and gRPC-Web protocols to work correctly in
web browsers.
For background, more details, and best practices, see Connect's CORS documentation. For more on Connect, see the announcement blog post, the documentation on connectrpc.com (especially the Getting Started guide for Go), the demo service, or the protocol specification.
This package should work with any CORS implementation. As an example, we'll use it with github.com/rs/cors.
import (
connectcors "connectrpc.com/cors"
"github.com/rs/cors"
)
// withCORS adds CORS support to a Connect HTTP handler.
func withCORS(connectHandler http.Handler) http.Handler {
c := cors.New(cors.Options{
AllowedOrigins: []string{"https://acme.com"}, // replace with your domain
AllowedMethods: connectcors.AllowedMethods(),
AllowedHeaders: connectcors.AllowedHeaders(),
ExposedHeaders: connectcors.ExposedHeaders(),
MaxAge: 7200, // 2 hours in seconds
})
return c.Handler(connectHandler)
}- connect-go: the Go implementation of Connect's RPC runtime
- examples-go: service powering demo.connectrpc.com, including bidi streaming
- grpchealth: gRPC-compatible health checks
- grpcreflect: gRPC-compatible server reflection
- authn: pluggable authentication for Connect servers
- connect-es: Type-safe APIs with Protobuf and TypeScript
- conformance: Connect, gRPC, and gRPC-Web interoperability tests
This module isn't stable yet, but it's fairly small — we expect to reach a stable release quickly.
It supports the three most recent major releases of Go. Keep in mind that only the last two releases receive security patches.
Within those parameters, cors follows semantic versioning. We will not
make breaking changes in the 1.x series of releases.
Offered under the Apache 2 license.