zerg000000 / simple-cors

Licence: MIT license
Simply usable CORS middleware / interceptor for Clojure

Simple CORS

Bare minimum CORS middleware/interceptor for Clojure.

Features

  • Provides just enough CORS handling to satisfy what browsers require.
  • Reasonable performance
  • Support Ring middleware / Reitit interceptor / Aleph middleware
  • Support all CORS features, especially Access-Control-Max-Age

Get Started

Add to your deps.edn

{zerg000000/simple-cors {:mvn/version "0.0.8"}}

When used in a Ring handler

(require '[simple-cors.ring.middleware :as cors])

(def app (cors/wrap handler {:cors-config {:allowed-request-methods [:post :get]
                                           :allowed-request-headers ["Authorization" "Content-Type"]
                                           :origins ["https://yahoo.com"
                                                     "https://google.com"]
                                           :max-age 300}}))

When used in Reitit

(require '[simple-cors.reitit.interceptor :as cors]
         '[reitit.interceptor.sieppari]
         '[reitit.http :as http])

(def app 
  (let [config {:cors-config {:allowed-request-methods [:post :get]
                              :allowed-request-headers ["Authorization" "Content-Type"]
                              :origins ["https://yahoo.com"
                                        "https://google.com"]
                              :max-age 300}}]
    (http/ring-handler
     (http/router routes
                  {:reitit.http/default-options-endpoint 
                   (cors/default-options-endpoint config)})
     {:executor reitit.interceptor.sieppari/executor
      :interceptors [(cors/cors-interceptor config)]})))

When used in Aleph

(require '[simple-cors.aleph.middleware :as cors])

(def app (cors/wrap handler {:cors-config {:allowed-request-methods [:post :get]
                                           :allowed-request-headers ["Authorization" "Content-Type"]
                                           :origins ["https://yahoo.com"
                                                     "https://google.com"]
                                           :max-age 300}}))

The full config map is shown below; you can also see the spec in simple-cors.specs

{:cors-config {:allowed-request-methods [:post :get]
               :allowed-request-headers ["Authorization" "Content-Type"]
               :allow-credentials? true
               :origins ["https://yahoo.com"
                         "https://google.com"]
               :max-age 300
               :exposed-headers ["x-amz-date"]}
 :preflight-forbidden-response {:status 403}
 :preflight-ok-response {:status 200}}

Static / Any Origin / Fn CORS

Normally, a static list of origins is good enough

{:cors-config {...
               :origins ["https://whatever.co"]
               ...}}

Some casual users might want CORS to match any origin

{:cors-config {...
               :origins "*"
               ...}}

The ultimate solution is to provide your own matching function

{:cors-config {...
               :origins #{"https://whatever.co"}
               ...}}
; or
{:cors-config {...
               :origins (fn [origin] (and (str/starts-with? origin "https://")
                                          (str/ends-with? origin ".google.com")))
               ...}}
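
A stricter matching function than the string prefix/suffix check above, as an added example that is not part of simple-cors: it parses the Origin value and compares scheme, host and port, failing closed on anything it cannot parse. The namespace, `origin-matcher`, `check-samples` and the example.com origins are assumptions made for illustration.

```clojure
(ns example.cors-origins
  (:require [clojure.string :as str])
  (:import (java.net URI URISyntaxException)))

(defn origin-matcher
  "Returns a predicate suitable as the :origins value. Accepts only https
  origins on the default port whose host is `base-domain` or a subdomain of
  it. Hypothetical helper, not part of simple-cors."
  [base-domain]
  (let [suffix (str "." base-domain)]
    (fn [origin]
      (try
        (let [uri  (URI. (str origin))
              host (some-> (.getHost uri) str/lower-case)]
          (boolean
           (and host
                (= "https" (.getScheme uri))
                (= -1 (.getPort uri))           ; no explicit port
                (nil? (.getUserInfo uri))       ; no user@ part
                (str/blank? (.getRawPath uri))  ; an origin carries no path
                (nil? (.getRawQuery uri))
                (nil? (.getRawFragment uri))
                ;; exact host, or a subdomain: the leading dot in `suffix`
                ;; keeps "notexample.com" from matching "example.com"
                (or (= host base-domain)
                    (str/ends-with? host suffix)))))
        ;; unparseable Origin values are rejected
        (catch URISyntaxException _ false)))))

;; Constructed sample Origin values, not taken from real traffic.
(def sample-origins
  ["https://example.com" "https://api.example.com" "http://api.example.com"
   "https://example.com:8443" "https://notexample.com"
   "https://example.com.attacker.test" "null"])

(defn check-samples
  "Maps each constructed origin to the predicate's verdict."
  []
  (let [allowed? (origin-matcher "example.com")]
    (into {} (map (juxt identity allowed?)) sample-origins)))
```

Pass `(origin-matcher "example.com")` as the `:origins` value; of the sample origins, only the first two are accepted.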

Combine Multiple Config

Multiple CORS configs can be combined, at a performance penalty. At most one AnyOrigin ("*") config may appear among them, and it acts as the last fallback.

{:cors-config [{...
                :origins "*"
                ...}
               {...
                :origins ["http://abc"]
                ...}]}

Why

Not checking or blocking invalid requests

The main idea of CORS is to provide information for the browser to act on. In most cases, there is little we can do purely on the server side
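
Because the library does not block requests, a cross-origin request that the browser sends without a preflight still reaches the handler. Where the server should refuse it, a separate check can sit in front of the handler; the following is an added example, not part of simple-cors, and `wrap-origin-guard`, the namespace and the sample requests are assumptions made for illustration.

```clojure
(ns example.origin-guard)

(def state-changing-methods #{:post :put :patch :delete})

(defn wrap-origin-guard
  "Ring middleware (hypothetical, not part of simple-cors). Rejects
  state-changing requests whose Origin header is present but not accepted
  by `allowed-origin?`. Requests without an Origin header pass through,
  because non-browser clients do not send one; authenticate those by
  other means."
  [handler allowed-origin?]
  (fn [request]
    ;; Ring lower-cases header names in the request map
    (let [origin (get-in request [:headers "origin"])]
      (if (and origin
               (contains? state-changing-methods (:request-method request))
               (not (allowed-origin? origin)))
        {:status  403
         :headers {"Content-Type" "text/plain"}
         :body    "Origin not allowed"}
        (handler request)))))

;; Constructed handler and requests, for demonstration only.
(def guarded
  (wrap-origin-guard (fn [_] {:status 200 :headers {} :body "ok"})
                     #{"https://whatever.co"}))

(defn sample-statuses
  "Response status for each constructed request, in order."
  []
  (mapv (comp :status guarded)
        [{:request-method :post :headers {"origin" "https://whatever.co"}}
         {:request-method :post :headers {"origin" "https://attacker.test"}}
         {:request-method :get  :headers {"origin" "https://attacker.test"}}
         {:request-method :post :headers {}}]))
```

Only the second sample request is refused with 403; the cross-origin GET passes because the guard covers state-changing methods only.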

TODO

  • more tests
  • more docstring

Reference

Reference Doc

Reference Implementation

License

Copyright © 2020 Simple CORS

Simple CORS is licensed under the MIT license, available at MIT and also in the LICENSE file.
