Configure CORS to use authentication

2025-10-04 22:58:20 +02:00
parent dd0fb6f5ba
commit c5d71bbfeb
1 changed files with 10 additions and 1 deletions
--- a/main.go
+++ b/main.go
@@ -24,7 +24,7 @@ func setup(config *config.Config) *gin.Engine {
 		panic(err)
 	}
 	r := gin.Default()
-	r.Use(cors.Default()) // All origins allowed by default
+	r.Use(cors.New(configureCors())) // All origins allowed by default
 	r.Use(middleware.Auth())
 	r.GET("/books", func(c *gin.Context) {
 		api.GetBooksHanderl(c, db)
@@ -40,3 +40,12 @@ func setup(config *config.Config) *gin.Engine {
 	})
 	return r
 }
+
+func configureCors() cors.Config {
+	config := cors.DefaultConfig()
+	config.AllowOrigins = []string{"http://localhost:5173"}
+	config.AllowPrivateNetwork = true
+	config.AllowCredentials = true
+	config.AllowHeaders = []string{"Authorization", "Content-Type"}
+	return config
+}