v0.17.6 v0.17.25 v0.17.24 v0.17.23 v0.17.22 v0.17.21 v0.17.20 v0.17.19 v0.17.18 v0.17.17 v0.17.16 v0.17.15 v0.17.14 v0.17.13 v0.17.12 v0.17.11 v0.17.10 v0.17.9 v0.17.8 v0.17.7 master


Setting CORS headers using rs/cors for gqlgen
You are looking at the docs for an older version (v0.17.6). The latest version is v0.17.25.

Cross-Origin Resource Sharing (CORS) headers are required when your graphql server lives on a different domain to the one your client code is served. You can read more about CORS in the MDN docs.


gqlgen doesn’t include a CORS implementation, but it is built to work with all standard http middleware. Here we are going to use the fantastic chi and rs/cors to build our server.

package main

import (


func main() {
	router := chi.NewRouter()

	// Add CORS middleware around every request
	// See https://github.com/rs/cors for full option listing
		AllowedOrigins:   []string{"http://localhost:8080"},
		AllowCredentials: true,
		Debug:            true,

    srv := handler.NewDefaultServer(starwars.NewExecutableSchema(starwars.NewResolver()))
        Upgrader: websocket.Upgrader{
            CheckOrigin: func(r *http.Request) bool {
                // Check against your desired domains here
                 return r.Host == "example.org"
            ReadBufferSize:  1024,
            WriteBufferSize: 1024,

	router.Handle("/", playground.Handler("Starwars", "/query"))
	router.Handle("/query", srv)

	err := http.ListenAndServe(":8080", router)
	if err != nil {