v0.10.2 v0.17.6 v0.17.5 v0.17.4 v0.17.3 v0.17.2 v0.17.1 v0.17.0 v0.16.0 v0.15.1 v0.15.0 v0.14.0 v0.13.0 v0.12.2 v0.12.1 v0.12.0 v0.11.3 v0.11.2 v0.11.1 v0.11.0 master


Setting CORS headers using rs/cors for gqlgen
You are looking at the docs for an older version (v0.10.2). The latest version is v0.17.6.

Cross-Origin Resource Sharing (CORS) headers are required when your graphql server lives on a different domain to the one your client code is served. You can read more about CORS in the MDN docs.


gqlgen doesn’t include a CORS implementation, but it is built to work with all standard http middleware. Here we are going to use the fantastic chi and rs/cors to build our server.

package main

import (


func main() {
	router := chi.NewRouter()

	// Add CORS middleware around every request
	// See https://github.com/rs/cors for full option listing
		AllowedOrigins:   []string{"http://localhost:8080"},
		AllowCredentials: true,
		Debug:            true,

	upgrader := websocket.Upgrader{
		CheckOrigin: func(r *http.Request) bool {
			// Check against your desired domains here
			 return r.Host == "example.org"
		ReadBufferSize:  1024,
		WriteBufferSize: 1024,

	router.Handle("/", handler.Playground("Starwars", "/query"))
		handler.GraphQL(starwars.NewExecutableSchema(starwars.NewResolver()), handler.WebsocketUpgrader(upgrader)),

	err := http.ListenAndServe(":8080", router)
	if err != nil {