update: 2026-03-28 20:59

infogenie-backend-go/internal/middleware/cors.go

@@ -0,0 +1,23 @@
+package middleware
+
+import (
+	"time"
+
+	"github.com/gin-contrib/cors"
+	"github.com/gin-gonic/gin"
+)
+
+// CORS 宽松策略：放行任意 Origin（由 gin-contrib/cors 回显请求 Origin），便于前后端分离域名部署。
+// 如需收紧，可改为仅白名单或仅允许 https://infogenie.shumengya.top 等。
+func CORS() gin.HandlerFunc {
+	return cors.New(cors.Config{
+		AllowOriginFunc: func(origin string) bool {
+			return true
+		},
+		AllowMethods:     []string{"GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"},
+		AllowHeaders:     []string{"Origin", "Content-Type", "Authorization", "Accept", "X-Site-Admin-Token"},
+		ExposeHeaders:    []string{"Content-Length"},
+		AllowCredentials: true,
+		MaxAge:           12 * time.Hour,
+	})
+}