2👍
✅
Basically you are not allowed to have Allowed-Origin: * when sending the Authorization header so you’ll have to specify the domain that is allowed, you can achieve this by changing the CORS middleware instead of using the default router.Use(cors.Default())
you could use something like this
router.Use(cors.New(cors.Config{
AllowOrigins: []string{"http://localhost:5500"},
AllowMethods: []string{"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD"},
AllowHeaders: []string{"Origin", "Content-Length", "Content-Type", "Authorization"},
ExposeHeaders: []string{"Content-Length"},
AllowCredentials: true,
MaxAge: 12 * time.Hour,
}))
you can also use the AllowOriginFunc cors.Config property for a dynamic logic (in case you want to support multiple domains).
Notice how the AllowOrigin property contains the domain of your vue project. Obviously you can allow more headers but the ones listed here are the ones you were allowing previously by using the Default config
Source:stackexchange.com