diff options
4 files changed, 24 insertions, 3 deletions
diff --git a/Emby.Server.Implementations/ApplicationHost.cs b/Emby.Server.Implementations/ApplicationHost.cs index 699621043..57c509923 100644 --- a/Emby.Server.Implementations/ApplicationHost.cs +++ b/Emby.Server.Implementations/ApplicationHost.cs @@ -1931,13 +1931,13 @@ namespace Emby.Server.Implementations { get { - return SupportsHttps && ServerConfigurationManager.Configuration.EnableHttps; + return SupportsHttps && (ServerConfigurationManager.Configuration.EnableHttps || ServerConfigurationManager.Configuration.RequireHttps); } } public bool SupportsHttps { - get { return Certificate != null; } + get { return Certificate != null || ServerConfigurationManager.Configuration.IsBehindProxy; } } public async Task<string> GetLocalApiUrl() diff --git a/Emby.Server.Implementations/EntryPoints/ExternalPortForwarding.cs b/Emby.Server.Implementations/EntryPoints/ExternalPortForwarding.cs index 9b434d606..2cef46839 100644 --- a/Emby.Server.Implementations/EntryPoints/ExternalPortForwarding.cs +++ b/Emby.Server.Implementations/EntryPoints/ExternalPortForwarding.cs @@ -48,7 +48,7 @@ namespace Emby.Server.Implementations.EntryPoints values.Add(config.PublicPort.ToString(CultureInfo.InvariantCulture)); values.Add(_appHost.HttpPort.ToString(CultureInfo.InvariantCulture)); values.Add(_appHost.HttpsPort.ToString(CultureInfo.InvariantCulture)); - values.Add(config.EnableHttps.ToString()); + values.Add((config.EnableHttps || config.RequireHttps).ToString()); values.Add(_appHost.EnableHttps.ToString()); return string.Join("|", values.ToArray(values.Count)); diff --git a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs index 031d1d90b..acc247e45 100644 --- a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs +++ b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs @@ -423,6 +423,19 @@ namespace Emby.Server.Implementations.HttpServer return true; } + private bool ValidateSsl(string remoteIp) + { + if (_config.Configuration.RequireHttps && _appHost.EnableHttps) + { + if (!_networkManager.IsInLocalNetwork(remoteIp)) + { + return false; + } + } + + return true; + } + /// <summary> /// Overridable method that can be used to implement a custom hnandler /// </summary> @@ -453,6 +466,12 @@ namespace Emby.Server.Implementations.HttpServer return; } + if (!ValidateSsl(httpReq.RemoteIp)) + { + RedirectToUrl(httpRes, urlString.Replace("http://", "https://", StringComparison.OrdinalIgnoreCase)); + return; + } + if (string.Equals(httpReq.Verb, "OPTIONS", StringComparison.OrdinalIgnoreCase)) { httpRes.StatusCode = 200; diff --git a/MediaBrowser.Model/Configuration/ServerConfiguration.cs b/MediaBrowser.Model/Configuration/ServerConfiguration.cs index 7c7358845..f7fffbf79 100644 --- a/MediaBrowser.Model/Configuration/ServerConfiguration.cs +++ b/MediaBrowser.Model/Configuration/ServerConfiguration.cs @@ -181,6 +181,8 @@ namespace MediaBrowser.Model.Configuration public string[] CodecsUsed { get; set; } public bool EnableChannelView { get; set; } public bool EnableExternalContentInSuggestions { get; set; } + public bool RequireHttps { get; set; } + public bool IsBehindProxy { get; set; } public int ImageExtractionTimeoutMs { get; set; } |