From 2c05d53b06855eab76012ba70da00ec62af787c3 Mon Sep 17 00:00:00 2001 From: crobibero Date: Sat, 5 Sep 2020 09:10:05 -0600 Subject: [PATCH] Convert to ICorsPolicyProvider --- .../ApiServiceCollectionExtensions.cs | 14 +++--- .../Middleware/CorsPolicyProvider.cs | 48 +++++++++++++++++-- Jellyfin.Server/Models/ServerCorsPolicy.cs | 47 ------------------ Jellyfin.Server/Startup.cs | 7 +-- 4 files changed, 53 insertions(+), 63 deletions(-) delete mode 100644 Jellyfin.Server/Models/ServerCorsPolicy.cs diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs index 8dcce93a4..65db33155 100644 --- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs +++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs @@ -16,12 +16,13 @@ using Jellyfin.Api.Auth.RequiresElevationPolicy; using Jellyfin.Api.Constants; using Jellyfin.Api.Controllers; using Jellyfin.Server.Formatters; -using Jellyfin.Server.Models; +using Jellyfin.Server.Middleware; using MediaBrowser.Common.Json; using MediaBrowser.Model.Entities; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Builder; +using Microsoft.AspNetCore.Cors.Infrastructure; using Microsoft.AspNetCore.HttpOverrides; using Microsoft.Extensions.DependencyInjection; using Microsoft.OpenApi.Models; @@ -134,18 +135,15 @@ namespace Jellyfin.Server.Extensions /// /// The service collection. /// An IEnumerable containing all plugin assemblies with API controllers. - /// /// The configured cors hosts. + /// /// /// The MVC builder. public static IMvcBuilder AddJellyfinApi( this IServiceCollection serviceCollection, - IEnumerable pluginAssemblies, - string[] corsHosts) + IEnumerable pluginAssemblies) { IMvcBuilder mvcBuilder = serviceCollection - .AddCors(options => - { - options.AddPolicy(ServerCorsPolicy.DefaultPolicyName, new ServerCorsPolicy(corsHosts).Policy); - }) + .AddCors() + .AddTransient() .Configure(options => { options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; diff --git a/Jellyfin.Server/Middleware/CorsPolicyProvider.cs b/Jellyfin.Server/Middleware/CorsPolicyProvider.cs index 7c2b28ed8..02178e29c 100644 --- a/Jellyfin.Server/Middleware/CorsPolicyProvider.cs +++ b/Jellyfin.Server/Middleware/CorsPolicyProvider.cs @@ -1,7 +1,49 @@ -namespace Jellyfin.Server.Middleware +using System; +using System.Threading.Tasks; +using MediaBrowser.Controller.Configuration; +using Microsoft.AspNetCore.Cors.Infrastructure; +using Microsoft.AspNetCore.Http; + +namespace Jellyfin.Server.Middleware { - public class CorsPolicyProvider + /// + /// Cors policy provider. + /// + public class CorsPolicyProvider : ICorsPolicyProvider { - + private readonly IServerConfigurationManager _serverConfigurationManager; + + /// + /// Initializes a new instance of the class. + /// + /// Instance of the interface. + public CorsPolicyProvider(IServerConfigurationManager serverConfigurationManager) + { + _serverConfigurationManager = serverConfigurationManager; + } + + /// + public Task GetPolicyAsync(HttpContext context, string policyName) + { + var corsHosts = _serverConfigurationManager.Configuration.CorsHosts; + var builder = new CorsPolicyBuilder() + .AllowAnyMethod() + .AllowAnyHeader(); + + // No hosts configured or only default configured. + if (corsHosts.Length == 0 + || (corsHosts.Length == 1 + && string.Equals(corsHosts[0], CorsConstants.AnyOrigin, StringComparison.Ordinal))) + { + builder.AllowAnyOrigin(); + } + else + { + builder.WithOrigins(corsHosts) + .AllowCredentials(); + } + + return Task.FromResult(builder.Build()); + } } } diff --git a/Jellyfin.Server/Models/ServerCorsPolicy.cs b/Jellyfin.Server/Models/ServerCorsPolicy.cs deleted file mode 100644 index 3a45db3b4..000000000 --- a/Jellyfin.Server/Models/ServerCorsPolicy.cs +++ /dev/null @@ -1,47 +0,0 @@ -using System; -using Microsoft.AspNetCore.Cors.Infrastructure; - -namespace Jellyfin.Server.Models -{ - /// - /// Server Cors Policy. - /// - public class ServerCorsPolicy - { - /// - /// Default policy name. - /// - public const string DefaultPolicyName = nameof(ServerCorsPolicy); - - /// - /// Initializes a new instance of the class. - /// - /// The configured cors hosts. - public ServerCorsPolicy(string[] corsHosts) - { - var builder = new CorsPolicyBuilder() - .AllowAnyMethod() - .AllowAnyHeader(); - - // No hosts configured or only default configured. - if (corsHosts.Length == 0 - || (corsHosts.Length == 1 - && string.Equals(corsHosts[0], "*", StringComparison.Ordinal))) - { - builder.AllowAnyOrigin(); - } - else - { - builder.WithOrigins(corsHosts) - .AllowCredentials(); - } - - Policy = builder.Build(); - } - - /// - /// Gets the cors policy. - /// - public CorsPolicy Policy { get; } - } -} diff --git a/Jellyfin.Server/Startup.cs b/Jellyfin.Server/Startup.cs index 5601915a3..16629b5d9 100644 --- a/Jellyfin.Server/Startup.cs +++ b/Jellyfin.Server/Startup.cs @@ -5,7 +5,6 @@ using Jellyfin.Api.TypeConverters; using Jellyfin.Server.Extensions; using Jellyfin.Server.Implementations; using Jellyfin.Server.Middleware; -using Jellyfin.Server.Models; using MediaBrowser.Common.Net; using MediaBrowser.Controller; using MediaBrowser.Controller.Configuration; @@ -53,9 +52,7 @@ namespace Jellyfin.Server { options.HttpsPort = _serverApplicationHost.HttpsPort; }); - services.AddJellyfinApi( - _serverApplicationHost.GetApiPluginAssemblies(), - _serverConfigurationManager.Configuration.CorsHosts); + services.AddJellyfinApi(_serverApplicationHost.GetApiPluginAssemblies()); services.AddJellyfinApiSwagger(); @@ -118,7 +115,7 @@ namespace Jellyfin.Server mainApp.UseResponseCompression(); - mainApp.UseCors(ServerCorsPolicy.DefaultPolicyName); + mainApp.UseCors(); if (_serverConfigurationManager.Configuration.RequireHttps && _serverApplicationHost.ListenWithHttps)