server running on localhost:8080 getting CORS from frontend running on 9090

Question

I have a API-server (gin-gonic) running on localhost:8080. All the typical CORS-Header are set for debugging: When I try to test the API with a simple Frontend (swagger-ui) i get a CORS-error. (swagger is running on localhost:9090)

It works when everything is running on the same domain.

c.Writer.Header().Set("Access-Control-Allow-Origin", "*")
c.Writer.Header().Set("Access-Control-Allow-Headers", "*")
c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")

why is this not working. Should the 3 lines not keep all CORS problems away?

Im super curious for actual explanations rather than a plain solution. All resources regarding this (or a good one about CORS) are welcome.

It works fine in Postman or CURL

Errormessage in browser:

Answer 1

When you catch OPTION as Preflight request your server should return success. I cannot find return in your provided code.

Also you can try to use https://github.com/rs/cors

package main

import (
    "net/http"

    "github.com/gin-gonic/gin"
    cors "github.com/rs/cors/wrapper/gin"
)

func main() {
    router := gin.Default()

    router.Use(cors.Default())
    router.GET("/", func(context *gin.Context) {
        context.JSON(http.StatusOK, gin.H{"hello": "world"})
    })

    router.Run(":8080")
}