TL;DR ¶ I’ve just released jub0bs/cors, a new CORS middleware library for Go, perhaps the best one yet. It has some advantages over the more popular rs/cors library, including a simpler API, better documentation, extensive configuration validation, a useful debug mode, stronger performance guarantees. Here is a representative example of client code: package main import ( "io" "log" "net/http" "github.com/jub0bs/cors" ) func main() { mux := http.NewServeMux() mux.HandleFunc("GET /hello", handleHello) // no CORS on this corsMw, err := cors.NewMiddleware(cors.Config{ Origins: []string{"https://example.com"}, Methods: []string{http.MethodGet, http.MethodPost}, RequestHeaders: []string{"Authorization"}, }) if err != nil { log.Fatal(err) } corsMw.SetDebug(true) // optional: turn debug mode on api := http.NewServeMux() api.HandleFunc("GET /users", handleUsersGet) api.HandleFunc("POST /users", handleUsersPost) mux.Handle("/api/", http.StripPrefix("/api", corsMw.Wrap(api))) log.Fatal(http.ListenAndServe(":8080", mux)) } func handleHello(w http.ResponseWriter, _ *http.Request) { io.WriteString(w, "Hello, World!") } func handleUsersGet(w http.ResponseWriter, _ *http.Request) { // omitted } func handleUsersPost(w http.ResponseWriter, _ *http.Request) { // omitted } If you’re already convinced and wish to migrate your code to jub0bs/cors without further ado, skip to the migration guide further down this post.