v0.14.0 master v0.13.0 v0.12.2 v0.11.3 v0.10.2 v0.9.3 v0.8.3


Setting CORS headers using rs/cors for gqlgen

Cross-Origin Resource Sharing (CORS) headers are required when your graphql server lives on a different domain to the one your client code is served. You can read more about CORS in the MDN docs.


gqlgen doesn’t include a CORS implementation, but it is built to work with all standard http middleware. Here we are going to use the fantastic chi and rs/cors to build our server.

package main

import (


func main() {
	router := chi.NewRouter()

	// Add CORS middleware around every request
	// See https://github.com/rs/cors for full option listing
		AllowedOrigins:   []string{"http://localhost:8080"},
		AllowCredentials: true,
		Debug:            true,

    srv := handler.NewDefaultServer(starwars.NewExecutableSchema(starwars.NewResolver()))
        Upgrader: websocket.Upgrader{
            CheckOrigin: func(r *http.Request) bool {
                // Check against your desired domains here
                 return r.Host == "example.org"
            ReadBufferSize:  1024,
            WriteBufferSize: 1024,

	router.Handle("/", playground.Handler("Starwars", "/query"))
	router.Handle("/query", srv)

	err := http.ListenAndServe(":8080", router)
	if err != nil {