Merge remote-tracking branch 'upstream/master' into access-control

author: ConfusedPolarBear <33811686+ConfusedPolarBear@users.noreply.github.com> 2020-05-18 14:27:51 -0500
committer: ConfusedPolarBear <33811686+ConfusedPolarBear@users.noreply.github.com> 2020-05-18 14:27:51 -0500
commit: 3a61c9a878110485c2e5385d0260959beefeb9d4 (patch)
tree: 732723860e099ce655b2b9d04ecdb20d9c83e9ee /Emby.Server.Implementations/HttpServer/ResponseFilter.cs
parent: df65e3ab0db8fd55a6a02b8c067565abc926136f (diff)
parent: e14c85555c6e906175a77c96e96180baf95964a5 (diff)
1 files changed, 15 insertions, 4 deletions
diff --git a/Emby.Server.Implementations/HttpServer/ResponseFilter.cs b/Emby.Server.Implementations/HttpServer/ResponseFilter.cs
index 4089aa578..85c3db9b2 100644
--- a/Emby.Server.Implementations/HttpServer/ResponseFilter.cs
+++ b/Emby.Server.Implementations/HttpServer/ResponseFilter.cs
@@ -1,6 +1,8 @@
 using System;
+using System.Collections.Generic;
 using System.Globalization;
 using System.Text;
+using MediaBrowser.Controller.Net;
 using MediaBrowser.Model.Services;
 using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
@@ -13,14 +15,17 @@ namespace Emby.Server.Implementations.HttpServer
     /// </summary>
     public class ResponseFilter
     {
+        private readonly IHttpServer _server;
         private readonly ILogger _logger;
 
         /// <summary>
         /// Initializes a new instance of the <see cref="ResponseFilter"/> class.
         /// </summary>
+        /// <param name="server">The HTTP server.</param>
         /// <param name="logger">The logger.</param>
-        public ResponseFilter(ILogger logger)
+        public ResponseFilter(IHttpServer server, ILogger logger)
         {
+            _server = server;
             _logger = logger;
         }
 
@@ -32,10 +37,16 @@ namespace Emby.Server.Implementations.HttpServer
         /// <param name="dto">The dto.</param>
         public void FilterResponse(IRequest req, HttpResponse res, object dto)
         {
+            foreach(var (key, value) in _server.GetDefaultCorsHeaders(req))
+            {
+                res.Headers.Add(key, value);
+            }
             // Try to prevent compatibility view
-            res.Headers.Add("Access-Control-Allow-Headers", "Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-MediaBrowser-Token, X-Emby-Authorization");
-            res.Headers.Add("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, PATCH, OPTIONS");
-            res.Headers.Add("Access-Control-Allow-Origin", "*");
+            res.Headers["Access-Control-Allow-Headers"] = ("Accept, Accept-Language, Authorization, Cache-Control, " +
+                "Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, " +
+                "Content-Type, Cookie, Date, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, " +
+                "Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-MediaBrowser-Token, " +
+                "X-Emby-Authorization");
 
             if (dto is Exception exception)
             {
author	ConfusedPolarBear <33811686+ConfusedPolarBear@users.noreply.github.com>	2020-05-18 14:27:51 -0500
committer	ConfusedPolarBear <33811686+ConfusedPolarBear@users.noreply.github.com>	2020-05-18 14:27:51 -0500
commit	3a61c9a878110485c2e5385d0260959beefeb9d4 (patch)
tree	732723860e099ce655b2b9d04ecdb20d9c83e9ee /Emby.Server.Implementations/HttpServer/ResponseFilter.cs
parent	df65e3ab0db8fd55a6a02b8c067565abc926136f (diff)
parent	e14c85555c6e906175a77c96e96180baf95964a5 (diff)