From eba0d9e387dc0375628acfd81957ff180c82d8df Mon Sep 17 00:00:00 2001 From: crobibero Date: Sun, 30 Aug 2020 10:05:21 -0600 Subject: [PATCH] Always allow set credentials header --- Jellyfin.Server/Middleware/DynamicCorsMiddleware.cs | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/Jellyfin.Server/Middleware/DynamicCorsMiddleware.cs b/Jellyfin.Server/Middleware/DynamicCorsMiddleware.cs index 4fad898a7..c4c491cdd 100644 --- a/Jellyfin.Server/Middleware/DynamicCorsMiddleware.cs +++ b/Jellyfin.Server/Middleware/DynamicCorsMiddleware.cs @@ -52,12 +52,10 @@ namespace Jellyfin.Server.Middleware && string.Equals(headerValue, "*", StringComparison.Ordinal)) { context.Response.Headers[HeaderNames.AccessControlAllowOrigin] = context.Request.Host.Value; - _logger.LogDebug("Overwriting CORS response header: {HeaderName}: {HeaderValue}", HeaderNames.AccessControlAllowOrigin, context.Request.Host.Value); - if (!context.Response.Headers.ContainsKey(HeaderNames.AccessControlAllowCredentials)) - { - context.Response.Headers[HeaderNames.AccessControlAllowCredentials] = "true"; - } + // Always allow credentials. + context.Response.Headers[HeaderNames.AccessControlAllowCredentials] = "true"; + _logger.LogDebug("Overwriting CORS response header: {HeaderName}: {HeaderValue}", HeaderNames.AccessControlAllowOrigin, context.Request.Host.Value); } }