4 files changed, 53 insertions, 63 deletions

diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index 8dcce93a4..65db33155 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -16,12 +16,13 @@ using Jellyfin.Api.Auth.RequiresElevationPolicy;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Controllers;
 using Jellyfin.Server.Formatters;
-using Jellyfin.Server.Models;
+using Jellyfin.Server.Middleware;
 using MediaBrowser.Common.Json;
 using MediaBrowser.Model.Entities;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Cors.Infrastructure;
 using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.OpenApi.Models;
@@ -134,18 +135,15 @@ namespace Jellyfin.Server.Extensions
         /// </summary>
         /// <param name="serviceCollection">The service collection.</param>
         /// <param name="pluginAssemblies">An IEnumerable containing all plugin assemblies with API controllers.</param>
-        /// /// <param name="corsHosts">The configured cors hosts.</param>
+        /// ///
         /// <returns>The MVC builder.</returns>
         public static IMvcBuilder AddJellyfinApi(
             this IServiceCollection serviceCollection,
-            IEnumerable<Assembly> pluginAssemblies,
-            string[] corsHosts)
+            IEnumerable<Assembly> pluginAssemblies)
         {
             IMvcBuilder mvcBuilder = serviceCollection
-                .AddCors(options =>
-                {
-                    options.AddPolicy(ServerCorsPolicy.DefaultPolicyName, new ServerCorsPolicy(corsHosts).Policy);
-                })
+                .AddCors()
+                .AddTransient<ICorsPolicyProvider, CorsPolicyProvider>()
                 .Configure<ForwardedHeadersOptions>(options =>
                 {
                     options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
diff --git a/Jellyfin.Server/Middleware/CorsPolicyProvider.cs b/Jellyfin.Server/Middleware/CorsPolicyProvider.cs
index 7c2b28ed8..02178e29c 100644
--- a/Jellyfin.Server/Middleware/CorsPolicyProvider.cs
+++ b/Jellyfin.Server/Middleware/CorsPolicyProvider.cs
@@ -1,7 +1,49 @@
-namespace Jellyfin.Server.Middleware
+using System;
+using System.Threading.Tasks;
+using MediaBrowser.Controller.Configuration;
+using Microsoft.AspNetCore.Cors.Infrastructure;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Server.Middleware
 {
-    public class CorsPolicyProvider
+    /// <summary>
+    /// Cors policy provider.
+    /// </summary>
+    public class CorsPolicyProvider : ICorsPolicyProvider
     {
-        
+        private readonly IServerConfigurationManager _serverConfigurationManager;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="CorsPolicyProvider"/> class.
+        /// </summary>
+        /// <param name="serverConfigurationManager">Instance of the <see cref="IServerConfigurationManager"/> interface.</param>
+        public CorsPolicyProvider(IServerConfigurationManager serverConfigurationManager)
+        {
+            _serverConfigurationManager = serverConfigurationManager;
+        }
+
+        /// <inheritdoc />
+        public Task<CorsPolicy> GetPolicyAsync(HttpContext context, string policyName)
+        {
+            var corsHosts = _serverConfigurationManager.Configuration.CorsHosts;
+            var builder = new CorsPolicyBuilder()
+                .AllowAnyMethod()
+                .AllowAnyHeader();
+
+            // No hosts configured or only default configured.
+            if (corsHosts.Length == 0
+                || (corsHosts.Length == 1
+                    && string.Equals(corsHosts[0], CorsConstants.AnyOrigin, StringComparison.Ordinal)))
+            {
+                builder.AllowAnyOrigin();
+            }
+            else
+            {
+                builder.WithOrigins(corsHosts)
+                    .AllowCredentials();
+            }
+
+            return Task.FromResult(builder.Build());
+        }
     }
 }
diff --git a/Jellyfin.Server/Models/ServerCorsPolicy.cs b/Jellyfin.Server/Models/ServerCorsPolicy.cs
deleted file mode 100644
index 3a45db3b4..000000000
--- a/Jellyfin.Server/Models/ServerCorsPolicy.cs
+++ /dev/null
@@ -1,47 +0,0 @@
-using System;
-using Microsoft.AspNetCore.Cors.Infrastructure;
-
-namespace Jellyfin.Server.Models
-{
-    /// <summary>
-    /// Server Cors Policy.
-    /// </summary>
-    public class ServerCorsPolicy
-    {
-        /// <summary>
-        /// Default policy name.
-        /// </summary>
-        public const string DefaultPolicyName = nameof(ServerCorsPolicy);
-
-        /// <summary>
-        /// Initializes a new instance of the <see cref="ServerCorsPolicy"/> class.
-        /// </summary>
-        /// <param name="corsHosts">The configured cors hosts.</param>
-        public ServerCorsPolicy(string[] corsHosts)
-        {
-            var builder = new CorsPolicyBuilder()
-                .AllowAnyMethod()
-                .AllowAnyHeader();
-
-            // No hosts configured or only default configured.
-            if (corsHosts.Length == 0
-                || (corsHosts.Length == 1
-                    && string.Equals(corsHosts[0], "*", StringComparison.Ordinal)))
-            {
-                builder.AllowAnyOrigin();
-            }
-            else
-            {
-                builder.WithOrigins(corsHosts)
-                    .AllowCredentials();
-            }
-
-            Policy = builder.Build();
-        }
-
-        /// <summary>
-        /// Gets the cors policy.
-        /// </summary>
-        public CorsPolicy Policy { get; }
-    }
-}
diff --git a/Jellyfin.Server/Startup.cs b/Jellyfin.Server/Startup.cs
index 5601915a3..16629b5d9 100644
--- a/Jellyfin.Server/Startup.cs
+++ b/Jellyfin.Server/Startup.cs
@@ -5,7 +5,6 @@ using Jellyfin.Api.TypeConverters;
 using Jellyfin.Server.Extensions;
 using Jellyfin.Server.Implementations;
 using Jellyfin.Server.Middleware;
-using Jellyfin.Server.Models;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller;
 using MediaBrowser.Controller.Configuration;
@@ -53,9 +52,7 @@ namespace Jellyfin.Server
             {
                 options.HttpsPort = _serverApplicationHost.HttpsPort;
             });
-            services.AddJellyfinApi(
-                _serverApplicationHost.GetApiPluginAssemblies(),
-                _serverConfigurationManager.Configuration.CorsHosts);
+            services.AddJellyfinApi(_serverApplicationHost.GetApiPluginAssemblies());
 
             services.AddJellyfinApiSwagger();
 
@@ -118,7 +115,7 @@ namespace Jellyfin.Server
 
                 mainApp.UseResponseCompression();
 
-                mainApp.UseCors(ServerCorsPolicy.DefaultPolicyName);
+                mainApp.UseCors();
 
                 if (_serverConfigurationManager.Configuration.RequireHttps
                     && _serverApplicationHost.ListenWithHttps)