Convert to ICorsPolicyProvider

This commit is contained in:
crobibero 2020-09-05 09:10:05 -06:00
parent 8a08111adc
commit 2c05d53b06
4 changed files with 53 additions and 63 deletions

View File

@ -16,12 +16,13 @@ using Jellyfin.Api.Auth.RequiresElevationPolicy;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Controllers;
using Jellyfin.Server.Formatters;
using Jellyfin.Server.Models;
using Jellyfin.Server.Middleware;
using MediaBrowser.Common.Json;
using MediaBrowser.Model.Entities;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Cors.Infrastructure;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.OpenApi.Models;
@ -134,18 +135,15 @@ namespace Jellyfin.Server.Extensions
/// </summary>
/// <param name="serviceCollection">The service collection.</param>
/// <param name="pluginAssemblies">An IEnumerable containing all plugin assemblies with API controllers.</param>
/// /// <param name="corsHosts">The configured cors hosts.</param>
/// ///
/// <returns>The MVC builder.</returns>
public static IMvcBuilder AddJellyfinApi(
this IServiceCollection serviceCollection,
IEnumerable<Assembly> pluginAssemblies,
string[] corsHosts)
IEnumerable<Assembly> pluginAssemblies)
{
IMvcBuilder mvcBuilder = serviceCollection
.AddCors(options =>
{
options.AddPolicy(ServerCorsPolicy.DefaultPolicyName, new ServerCorsPolicy(corsHosts).Policy);
})
.AddCors()
.AddTransient<ICorsPolicyProvider, CorsPolicyProvider>()
.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

View File

@ -1,7 +1,49 @@
namespace Jellyfin.Server.Middleware
{
public class CorsPolicyProvider
{
using System;
using System.Threading.Tasks;
using MediaBrowser.Controller.Configuration;
using Microsoft.AspNetCore.Cors.Infrastructure;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Server.Middleware
{
/// <summary>
/// Cors policy provider.
/// </summary>
public class CorsPolicyProvider : ICorsPolicyProvider
{
private readonly IServerConfigurationManager _serverConfigurationManager;
/// <summary>
/// Initializes a new instance of the <see cref="CorsPolicyProvider"/> class.
/// </summary>
/// <param name="serverConfigurationManager">Instance of the <see cref="IServerConfigurationManager"/> interface.</param>
public CorsPolicyProvider(IServerConfigurationManager serverConfigurationManager)
{
_serverConfigurationManager = serverConfigurationManager;
}
/// <inheritdoc />
public Task<CorsPolicy> GetPolicyAsync(HttpContext context, string policyName)
{
var corsHosts = _serverConfigurationManager.Configuration.CorsHosts;
var builder = new CorsPolicyBuilder()
.AllowAnyMethod()
.AllowAnyHeader();
// No hosts configured or only default configured.
if (corsHosts.Length == 0
|| (corsHosts.Length == 1
&& string.Equals(corsHosts[0], CorsConstants.AnyOrigin, StringComparison.Ordinal)))
{
builder.AllowAnyOrigin();
}
else
{
builder.WithOrigins(corsHosts)
.AllowCredentials();
}
return Task.FromResult(builder.Build());
}
}
}

View File

@ -1,47 +0,0 @@
using System;
using Microsoft.AspNetCore.Cors.Infrastructure;
namespace Jellyfin.Server.Models
{
/// <summary>
/// Server Cors Policy.
/// </summary>
public class ServerCorsPolicy
{
/// <summary>
/// Default policy name.
/// </summary>
public const string DefaultPolicyName = nameof(ServerCorsPolicy);
/// <summary>
/// Initializes a new instance of the <see cref="ServerCorsPolicy"/> class.
/// </summary>
/// <param name="corsHosts">The configured cors hosts.</param>
public ServerCorsPolicy(string[] corsHosts)
{
var builder = new CorsPolicyBuilder()
.AllowAnyMethod()
.AllowAnyHeader();
// No hosts configured or only default configured.
if (corsHosts.Length == 0
|| (corsHosts.Length == 1
&& string.Equals(corsHosts[0], "*", StringComparison.Ordinal)))
{
builder.AllowAnyOrigin();
}
else
{
builder.WithOrigins(corsHosts)
.AllowCredentials();
}
Policy = builder.Build();
}
/// <summary>
/// Gets the cors policy.
/// </summary>
public CorsPolicy Policy { get; }
}
}

View File

@ -5,7 +5,6 @@ using Jellyfin.Api.TypeConverters;
using Jellyfin.Server.Extensions;
using Jellyfin.Server.Implementations;
using Jellyfin.Server.Middleware;
using Jellyfin.Server.Models;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller;
using MediaBrowser.Controller.Configuration;
@ -53,9 +52,7 @@ namespace Jellyfin.Server
{
options.HttpsPort = _serverApplicationHost.HttpsPort;
});
services.AddJellyfinApi(
_serverApplicationHost.GetApiPluginAssemblies(),
_serverConfigurationManager.Configuration.CorsHosts);
services.AddJellyfinApi(_serverApplicationHost.GetApiPluginAssemblies());
services.AddJellyfinApiSwagger();
@ -118,7 +115,7 @@ namespace Jellyfin.Server
mainApp.UseResponseCompression();
mainApp.UseCors(ServerCorsPolicy.DefaultPolicyName);
mainApp.UseCors();
if (_serverConfigurationManager.Configuration.RequireHttps
&& _serverApplicationHost.ListenWithHttps)