Documentation
CORS / Security
Apply secure defaults for browser and API traffic.
Overview
Security middleware provides sane defaults for headers, body limits, and CORS.
Example
Go
app.Use(security.Headers(), security.BodyLimit(1<<20), security.CORS(corsCfg))
Best Practices
- Restrict CORS origins explicitly.
- Set conservative body limits by endpoint type.
Common Pitfalls
- Using wildcard CORS in production.
- Relying only on gateway-level security controls.