fix for firefox

project.clj

@@ -1,4 +1,4 @@
-(defproject fuck-cors "0.1.3"
+(defproject fuck-cors "0.1.4"
   :description "Fuck CORS and open all to everyone"
   :url "http://github.com/yogsototh/fuck-cors"
   :license {:name "MIT"

src/fuck_cors/core.clj

@@ -6,9 +6,9 @@
        "://"
        (get-in request [:headers "host"])))
 
-(defn- get-referer
+(defn- get-header
-  [request]
+  [request header-name]
-  (let [rawref (get-in request [:headers "referer"])]
+  (let [rawref (get-in request [:headers header-name])]
     (if rawref
         (clojure.string/replace rawref #"(http://[^/]*).*$" "$1")
         nil)))
@@ -16,17 +16,20 @@
 (defn wrap-open-cors
   "Open your Origin Policy to Everybody, no limit"
   [handler]
- (fn [request]
+  (fn [request]
-   (let [referer (get-referer request)
+    (let [origin (get-header "origin")
-         host (host-from-req request)
+          referer (get-header "referer")
-         origins (if referer
+          host (host-from-req request)
-                   referer
+          origins (if origin
-                   host)
+                    origin
-         headers {"Access-Control-Allow-Origin" origins
+                    (if referer
-                  "Access-Control-Allow-Headers" "Origin, X-Served-By, X-Requested-With, Content-Type, Accept, Cache-Control, Accept-Language, Accept-Encoding, Authorization"
+                      referer
-                  "Access-Control-Allow-Methods" "HEAD, GET, POST, PUT, DELETE, OPTIONS, TRACE"
+                      host))
-                  "Access-Control-Allow-Credentials" "true"
+          headers {"Access-Control-Allow-Origin" origins
-                  "Access-Control-Expose-Headers" "content-length"
+                   "Access-Control-Allow-Headers" "Origin, X-Requested-With, Content-Type, Accept, Cache-Control, Accept-Language, Accept-Encoding, Authorization"
-                  "Vary" "Accept-Encoding, Origin, Accept-Language"}]
+                   "Access-Control-Allow-Methods" "HEAD, GET, POST, PUT, DELETE, OPTIONS, TRACE"
-     (-> (handler request)
+                   "Access-Control-Allow-Credentials" "true"
-         (update-in [:headers] #(into % headers))))))
+                   "Access-Control-Expose-Headers" "content-length"
+                   "Vary" "Accept-Encoding, Origin, Accept-Language"}]
+      (-> (handler request)
+          (update-in [:headers] #(into % headers))))))