v0.11.3 v0.17.10 v0.17.9 v0.17.8 v0.17.7 v0.17.6 v0.17.5 v0.17.4 v0.17.3 v0.17.2 v0.17.1 v0.17.0 v0.16.0 v0.15.1 v0.15.0 v0.14.0 v0.13.0 v0.12.2 v0.12.1 v0.12.0 master


Setting CORS headers using rs/cors for gqlgen
You are looking at the docs for an older version (v0.11.3). The latest version is v0.17.10.

Cross-Origin Resource Sharing (CORS) headers are required when your graphql server lives on a different domain to the one your client code is served. You can read more about CORS in the MDN docs.


gqlgen doesn’t include a CORS implementation, but it is built to work with all standard http middleware. Here we are going to use the fantastic chi and rs/cors to build our server.

package main

import (


func main() {
	router := chi.NewRouter()

	// Add CORS middleware around every request
	// See https://github.com/rs/cors for full option listing
		AllowedOrigins:   []string{"http://localhost:8080"},
		AllowCredentials: true,
		Debug:            true,

    srv := handler.New(starwars.NewExecutableSchema(starwars.NewResolver()))
        Upgrader: websocket.Upgrader{
            CheckOrigin: func(r *http.Request) bool {
                // Check against your desired domains here
                 return r.Host == "example.org"
            ReadBufferSize:  1024,
            WriteBufferSize: 1024,

	router.Handle("/", handler.Playground("Starwars", "/query"))
	router.Handle("/query", srv)

	err := http.ListenAndServe(":8080", router)
	if err != nil {