CORS
To enable a flutter webapp served on a different domain to call out to your server you potentially need to do two thinks
Set response headers to allow CORS. Here’s an example
.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
w.Header().Set("Referrer-Policy ", "no-referrer-when-downgrade") w
You also need to potentially handle preflight requests. This will use the method OPTIONS
w.Header().Set("Access-Control-Allow-Origin", "*")
w.Header().Set("Access-Control-Allow-Headers", "Content-Type")
w.Header().Set("Referrer-Policy ", "no-referrer-when-downgrade")
if r.Method == "OPTIONS" {
// This handles preflight requests
w.WriteHeader(http.StatusOK)
return
}
In GoLang the interceptor pattern works great for dealing with CORS.
Referrer Policy
The client sends along two headers
- Referrer - The site from which the client was served
- Referrer-policy - The browsers policy
The referrer policy can be set a number of ways; docs.