michael.heier/jellyfin
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Convert to ICorsPolicyProvider

Browse Source
This commit is contained in:
crobibero 2020-09-05 09:10:05 -06:00
parent 8a08111adc
commit 2c05d53b06
4 changed files with 53 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
View File

@ -16,12 +16,13 @@ using Jellyfin.Api.Auth.RequiresElevationPolicy;
using Jellyfin.Api.Constants; using Jellyfin.Api.Constants;
using Jellyfin.Api.Controllers; using Jellyfin.Api.Controllers;
using Jellyfin.Server.Formatters; using Jellyfin.Server.Formatters;
using Jellyfin.Server.Models; using Jellyfin.Server.Middleware;
using MediaBrowser.Common.Json; using MediaBrowser.Common.Json;
using MediaBrowser.Model.Entities; using MediaBrowser.Model.Entities;
using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Cors.Infrastructure;
using Microsoft.AspNetCore.HttpOverrides; using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.DependencyInjection;
using Microsoft.OpenApi.Models; using Microsoft.OpenApi.Models;
@ -134,18 +135,15 @@ namespace Jellyfin.Server.Extensions
/// </summary> /// </summary>
/// <param name="serviceCollection">The service collection.</param> /// <param name="serviceCollection">The service collection.</param>
/// <param name="pluginAssemblies">An IEnumerable containing all plugin assemblies with API controllers.</param> /// <param name="pluginAssemblies">An IEnumerable containing all plugin assemblies with API controllers.</param>
/// /// <param name="corsHosts">The configured cors hosts.</param> /// ///
/// <returns>The MVC builder.</returns> /// <returns>The MVC builder.</returns>
public static IMvcBuilder AddJellyfinApi( public static IMvcBuilder AddJellyfinApi(
this IServiceCollection serviceCollection, this IServiceCollection serviceCollection,
IEnumerable<Assembly> pluginAssemblies, IEnumerable<Assembly> pluginAssemblies)
string[] corsHosts)
{ {
IMvcBuilder mvcBuilder = serviceCollection IMvcBuilder mvcBuilder = serviceCollection
.AddCors(options => .AddCors()
{ .AddTransient<ICorsPolicyProvider, CorsPolicyProvider>()
options.AddPolicy(ServerCorsPolicy.DefaultPolicyName, new ServerCorsPolicy(corsHosts).Policy);
})
.Configure<ForwardedHeadersOptions>(options => .Configure<ForwardedHeadersOptions>(options =>
{ {
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

48
Jellyfin.Server/Middleware/CorsPolicyProvider.cs
View File

@ -1,7 +1,49 @@
namespace Jellyfin.Server.Middleware using System;
using System.Threading.Tasks;
using MediaBrowser.Controller.Configuration;
using Microsoft.AspNetCore.Cors.Infrastructure;
using Microsoft.AspNetCore.Http;
namespace Jellyfin.Server.Middleware
{ {
public class CorsPolicyProvider /// <summary>
/// Cors policy provider.
/// </summary>
public class CorsPolicyProvider : ICorsPolicyProvider
{ {
private readonly IServerConfigurationManager _serverConfigurationManager;
/// <summary>
/// Initializes a new instance of the <see cref="CorsPolicyProvider"/> class.
/// </summary>
/// <param name="serverConfigurationManager">Instance of the <see cref="IServerConfigurationManager"/> interface.</param>
public CorsPolicyProvider(IServerConfigurationManager serverConfigurationManager)
{
_serverConfigurationManager = serverConfigurationManager;
}
/// <inheritdoc />
public Task<CorsPolicy> GetPolicyAsync(HttpContext context, string policyName)
{
var corsHosts = _serverConfigurationManager.Configuration.CorsHosts;
var builder = new CorsPolicyBuilder()
.AllowAnyMethod()
.AllowAnyHeader();
// No hosts configured or only default configured.
if (corsHosts.Length == 0
|| (corsHosts.Length == 1
&& string.Equals(corsHosts[0], CorsConstants.AnyOrigin, StringComparison.Ordinal)))
{
builder.AllowAnyOrigin();
}
else
{
builder.WithOrigins(corsHosts)
.AllowCredentials();
}
return Task.FromResult(builder.Build());
}
} }
} }

47
Jellyfin.Server/Models/ServerCorsPolicy.cs
View File

@ -1,47 +0,0 @@
using System;
using Microsoft.AspNetCore.Cors.Infrastructure;
namespace Jellyfin.Server.Models
{
/// <summary>
/// Server Cors Policy.
/// </summary>
public class ServerCorsPolicy
{
/// <summary>
/// Default policy name.
/// </summary>
public const string DefaultPolicyName = nameof(ServerCorsPolicy);
/// <summary>
/// Initializes a new instance of the <see cref="ServerCorsPolicy"/> class.
/// </summary>
/// <param name="corsHosts">The configured cors hosts.</param>
public ServerCorsPolicy(string[] corsHosts)
{
var builder = new CorsPolicyBuilder()
.AllowAnyMethod()
.AllowAnyHeader();
// No hosts configured or only default configured.
if (corsHosts.Length == 0
|| (corsHosts.Length == 1
&& string.Equals(corsHosts[0], "*", StringComparison.Ordinal)))
{
builder.AllowAnyOrigin();
}
else
{
builder.WithOrigins(corsHosts)
.AllowCredentials();
}
Policy = builder.Build();
}
/// <summary>
/// Gets the cors policy.
/// </summary>
public CorsPolicy Policy { get; }
}
}

7
Jellyfin.Server/Startup.cs
View File

@ -5,7 +5,6 @@ using Jellyfin.Api.TypeConverters;
using Jellyfin.Server.Extensions; using Jellyfin.Server.Extensions;
using Jellyfin.Server.Implementations; using Jellyfin.Server.Implementations;
using Jellyfin.Server.Middleware; using Jellyfin.Server.Middleware;
using Jellyfin.Server.Models;
using MediaBrowser.Common.Net; using MediaBrowser.Common.Net;
using MediaBrowser.Controller; using MediaBrowser.Controller;
using MediaBrowser.Controller.Configuration; using MediaBrowser.Controller.Configuration;
@ -53,9 +52,7 @@ namespace Jellyfin.Server
{ {
options.HttpsPort = _serverApplicationHost.HttpsPort; options.HttpsPort = _serverApplicationHost.HttpsPort;
}); });
services.AddJellyfinApi( services.AddJellyfinApi(_serverApplicationHost.GetApiPluginAssemblies());
_serverApplicationHost.GetApiPluginAssemblies(),
_serverConfigurationManager.Configuration.CorsHosts);
services.AddJellyfinApiSwagger(); services.AddJellyfinApiSwagger();
@ -118,7 +115,7 @@ namespace Jellyfin.Server
mainApp.UseResponseCompression(); mainApp.UseResponseCompression();
mainApp.UseCors(ServerCorsPolicy.DefaultPolicyName); mainApp.UseCors();
if (_serverConfigurationManager.Configuration.RequireHttps if (_serverConfigurationManager.Configuration.RequireHttps
&& _serverApplicationHost.ListenWithHttps) && _serverApplicationHost.ListenWithHttps)