go get github.com/muhfajar/go-zero-cors-middleware

package main

import (
	"flag"
	"fmt"

	"github.com/muhfajar/go-zero-cors-middleware/test/greet/internal/config"
	"github.com/muhfajar/go-zero-cors-middleware/test/greet/internal/handler"
	"github.com/muhfajar/go-zero-cors-middleware/test/greet/internal/svc"

	middleware "github.com/muhfajar/go-zero-cors-middleware"
	"github.com/tal-tech/go-zero/core/conf"
	"github.com/tal-tech/go-zero/rest"
)

var configFile = flag.String("f", "etc/greet-api.yaml", "the config file")

func main() {
	flag.Parse()

	var c config.Config
	conf.MustLoad(*configFile, &c)

	ctx := svc.NewServiceContext(c)
	
	// Register go-zero-cors-middleware handler to handle preflight request
	cors := middleware.NewCORSMiddleware(&middleware.Options{})
	
	// Add run option WithNotAllowedHandler and register `.Handler()` to handle `OPTIONS` request (preflight)
	server := rest.MustNewServer(c.RestConf,
	    rest.WithNotAllowedHandler(cors.Handler()),
	)

	defer server.Stop()

	handler.RegisterHandlers(server, ctx)

	// Register go-zero-cors-middleware
	server.Use(cors.Handle)

	fmt.Printf("Starting server at %s:%d...\n", c.Host, c.Port)
	server.Start()
}

AllowCredentials bool       Indicates whether the request can include user credentials like cookies, HTTP authentication or client side SSL certificates.
AllowHeaders     []string   A list of non simple headers the client is allowed to use with cross-domain requests.
AllowMethods     []string   A list of methods the client is allowed to use with cross-domain requests.
ExposeHeaders    []string   Indicates which headers are safe to expose to the API of a CORS API specification.

AllowCredentials    false
AllowHeaders        []string{"Content-Type", "X-CSRF-Token", "Authorization", "AccessToken", "Token"}
AllowMethods        []string{"GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH"}
ExposeHeaders       []string{"Content-Length", "Content-Type", "Access-Control-Allow-Origin", "Access-Control-Allow-Headers"}