Always allow set credentials header

author: crobibero <cody@robibe.ro> 2020-08-30 10:05:21 -0600
committer: crobibero <cody@robibe.ro> 2020-08-30 10:05:21 -0600
commit: eba0d9e387dc0375628acfd81957ff180c82d8df (patch)
tree: 50d77feb7d9164544ab31985900bbef4b5aec8f4
parent: 3c0484cc9730c06892b996d0b884a05ecada07af (diff)
1 files changed, 3 insertions, 5 deletions
diff --git a/Jellyfin.Server/Middleware/DynamicCorsMiddleware.cs b/Jellyfin.Server/Middleware/DynamicCorsMiddleware.cs
index 4fad898a7..c4c491cdd 100644
--- a/Jellyfin.Server/Middleware/DynamicCorsMiddleware.cs
+++ b/Jellyfin.Server/Middleware/DynamicCorsMiddleware.cs
@@ -52,12 +52,10 @@ namespace Jellyfin.Server.Middleware
                     && string.Equals(headerValue, "*", StringComparison.Ordinal))
                 {
                     context.Response.Headers[HeaderNames.AccessControlAllowOrigin] = context.Request.Host.Value;
-                    _logger.LogDebug("Overwriting CORS response header: {HeaderName}: {HeaderValue}", HeaderNames.AccessControlAllowOrigin, context.Request.Host.Value);
 
-                    if (!context.Response.Headers.ContainsKey(HeaderNames.AccessControlAllowCredentials))
-                    {
-                        context.Response.Headers[HeaderNames.AccessControlAllowCredentials] = "true";
-                    }
+                    // Always allow credentials.
+                    context.Response.Headers[HeaderNames.AccessControlAllowCredentials] = "true";
+                    _logger.LogDebug("Overwriting CORS response header: {HeaderName}: {HeaderValue}", HeaderNames.AccessControlAllowOrigin, context.Request.Host.Value);
                 }
             }
author	crobibero <cody@robibe.ro>	2020-08-30 10:05:21 -0600
committer	crobibero <cody@robibe.ro>	2020-08-30 10:05:21 -0600
commit	eba0d9e387dc0375628acfd81957ff180c82d8df (patch)
tree	50d77feb7d9164544ab31985900bbef4b5aec8f4
parent	3c0484cc9730c06892b996d0b884a05ecada07af (diff)