initial commit

.gitignore

@@ -0,0 +1,9 @@
+/target
+/classes
+/checkouts
+pom.xml
+pom.xml.asc
+*.jar
+*.class
+/.lein-*
+/.nrepl-port

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Yann Esposito
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,39 @@
+# fuck-cors
+
+A Clojure library designed to fuck CORS and open your API completely.
+So all AJAX Call should alway works, be it with cookies or not.
+
+In which case should you use this library:
+
+1. You don't have time to think and want something that just works.
+2. You don't mind much about security.
+3. You hate CORS but want to be able to make Ajax call Cross website.
+
+## Why?
+
+[Some Men Just Want to Watch the World Burn](http://knowyourmeme.com/memes/some-men-just-want-to-watch-the-world-burn)
+
+## Usage
+
+Add
+
+~~~
+[fuck-cors 0.1.0]
+~~~
+
+to your `project.clj`.
+
+Then
+
+~~~
+(:require [fuck-cors.core :refer [wrap-open-cors])
+~~~
+
+And use `wrap-open-cors` as middleware.
+
+## License
+
+Copyright © 2014 Yann Esposito
+
+Distributed under the Eclipse Public License either version 1.0 or (at
+your option) any later version.

doc/intro.md

@@ -0,0 +1,3 @@
+# Introduction to fuck-cors
+
+TODO: write [great documentation](http://jacobian.org/writing/what-to-write/)

project.clj

@@ -0,0 +1,6 @@
+(defproject fuck-cors "0.1.0-SNAPSHOT"
+  :description "Fuck CORS and open all to everyone"
+  :url "http://github.com/yogsototh/fuck-cors"
+  :license {:name "MIT"
+            :url "http://opensource.org/licences/MIT"}
+  :dependencies [[org.clojure/clojure "1.6.0"]])

src/fuck_cors/core.clj

@@ -0,0 +1,32 @@
+(ns fuck-cors.core)
+
+(defn- host-from-req
+  [request]
+  (str (-> request :scheme name)
+       "://"
+       (get-in request [:headers "host"])))
+
+(defn- get-referer
+  [request]
+  (let [rawref (get-in request [:headers "referer"])]
+    (if rawref
+        (clojure.string/replace rawref #"(http://[^/]*).*$" "$1")
+        nil)))
+
+(defn wrap-open-cors
+  "Open your Origin Policy to Everybody, no limit"
+  [handler]
+ (fn [request]
+   (let [referer (get-referer request)
+         host (host-from-req request)
+         origins (if referer
+                   referer
+                   host)
+         headers {"Access-Control-Allow-Origin" origins
+                  "Access-Control-Allow-Headers" "Origin, X-Requested-With, Content-Type, Accept, Cache-Control"
+                  "Access-Control-Allow-Methods" "HEAD, GET, POST, PUT, DELETE, OPTIONS, TRACE"
+                  "Access-Control-Allow-Credentials" "true"
+                  "Access-Control-Expose-Headers" "content-length"
+                  "Vary" "Accept-Encoding, Origin"}]
+     (-> (handler request)
+         (update-in [:headers] #(into % headers))))))

test/fuck_cors/core_test.clj

@@ -0,0 +1,7 @@
+(ns fuck-cors.core-test
+  (:require [clojure.test :refer :all]
+            [fuck-cors.core :refer :all]))
+
+(deftest a-test
+  (testing "FIXME, I fail."
+    (is (= 0 1))))