From 993c46f98d995bd1c06b6040833be554717bd0ca Mon Sep 17 00:00:00 2001
From: Claus Vium <clausvium@gmail.com>
Date: Thu, 3 Sep 2020 14:05:16 +0200
Subject: [PATCH] Remove custom CORS OPTIONS handling

---
 .../ApiApplicationBuilderExtensions.cs        | 10 ---
 .../CorsOptionsResponseMiddleware.cs          | 69 -------------------
 Jellyfin.Server/Startup.cs                    |  4 +-
 3 files changed, 2 insertions(+), 81 deletions(-)
 delete mode 100644 Jellyfin.Server/Middleware/CorsOptionsResponseMiddleware.cs

diff --git a/Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs b/Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs
index 33a8d7532..71c66a310 100644
--- a/Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiApplicationBuilderExtensions.cs
@@ -68,16 +68,6 @@ namespace Jellyfin.Server.Extensions
             return appBuilder.UseMiddleware<LanFilteringMiddleware>();
         }
 
-        /// <summary>
-        /// Adds CORS OPTIONS request handling to the application pipeline.
-        /// </summary>
-        /// <param name="appBuilder">The application builder.</param>
-        /// <returns>The updated application builder.</returns>
-        public static IApplicationBuilder UseCorsOptionsResponse(this IApplicationBuilder appBuilder)
-        {
-            return appBuilder.UseMiddleware<CorsOptionsResponseMiddleware>();
-        }
-
         /// <summary>
         /// Adds base url redirection to the application pipeline.
         /// </summary>
diff --git a/Jellyfin.Server/Middleware/CorsOptionsResponseMiddleware.cs b/Jellyfin.Server/Middleware/CorsOptionsResponseMiddleware.cs
deleted file mode 100644
index 8214f8907..000000000
--- a/Jellyfin.Server/Middleware/CorsOptionsResponseMiddleware.cs
+++ /dev/null
@@ -1,69 +0,0 @@
-using System;
-using System.Collections.Generic;
-using System.Net.Mime;
-using System.Threading.Tasks;
-using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.Primitives;
-
-namespace Jellyfin.Server.Middleware
-{
-    /// <summary>
-    /// Middleware for handling OPTIONS requests.
-    /// </summary>
-    public class CorsOptionsResponseMiddleware
-    {
-        private readonly RequestDelegate _next;
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="CorsOptionsResponseMiddleware"/> class.
-        /// </summary>
-        /// <param name="next">The next delegate in the pipeline.</param>
-        public CorsOptionsResponseMiddleware(RequestDelegate next)
-        {
-            _next = next;
-        }
-
-        /// <summary>
-        /// Executes the middleware action.
-        /// </summary>
-        /// <param name="httpContext">The current HTTP context.</param>
-        /// <returns>The async task.</returns>
-        public async Task Invoke(HttpContext httpContext)
-        {
-            if (string.Equals(httpContext.Request.Method, HttpMethods.Options, StringComparison.OrdinalIgnoreCase))
-            {
-                httpContext.Response.StatusCode = 200;
-                foreach (var (key, value) in GetDefaultCorsHeaders(httpContext))
-                {
-                    httpContext.Response.Headers.Add(key, value);
-                }
-
-                httpContext.Response.ContentType = MediaTypeNames.Text.Plain;
-                await httpContext.Response.WriteAsync(string.Empty, httpContext.RequestAborted).ConfigureAwait(false);
-                return;
-            }
-
-            await _next(httpContext).ConfigureAwait(false);
-        }
-
-        private static IDictionary<string, string> GetDefaultCorsHeaders(HttpContext httpContext)
-        {
-            var origin = httpContext.Request.Headers["Origin"];
-            if (origin == StringValues.Empty)
-            {
-                origin = httpContext.Request.Headers["Host"];
-                if (origin == StringValues.Empty)
-                {
-                    origin = "*";
-                }
-            }
-
-            var headers = new Dictionary<string, string>();
-            headers.Add("Access-Control-Allow-Origin", origin);
-            headers.Add("Access-Control-Allow-Credentials", "true");
-            headers.Add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, PATCH, OPTIONS");
-            headers.Add("Access-Control-Allow-Headers", "Content-Type, Authorization, Range, X-MediaBrowser-Token, X-Emby-Authorization, Cookie");
-            return headers;
-        }
-    }
-}
diff --git a/Jellyfin.Server/Startup.cs b/Jellyfin.Server/Startup.cs
index c197888da..995271aa3 100644
--- a/Jellyfin.Server/Startup.cs
+++ b/Jellyfin.Server/Startup.cs
@@ -101,6 +101,8 @@ namespace Jellyfin.Server
 
             app.UseResponseCompression();
 
+            app.UseCors(ServerCorsPolicy.DefaultPolicyName);
+
             if (_serverConfigurationManager.Configuration.RequireHttps
                 && _serverApplicationHost.ListenWithHttps)
             {
@@ -110,7 +112,6 @@ namespace Jellyfin.Server
             app.UseAuthentication();
             app.UseJellyfinApiSwagger(_serverConfigurationManager);
             app.UseRouting();
-            app.UseCors(ServerCorsPolicy.DefaultPolicyName);
             app.UseAuthorization();
             if (_serverConfigurationManager.Configuration.EnableMetrics)
             {
@@ -120,7 +121,6 @@ namespace Jellyfin.Server
 
             app.UseLanFiltering();
             app.UseIpBasedAccessValidation();
-            app.UseCorsOptionsResponse();
             app.UseBaseUrlRedirection();
             app.UseWebSocketHandler();
             app.UseServerStartupMessage();