diff options
Diffstat (limited to 'Jellyfin.Server/Models/ServerCorsPolicy.cs')
| -rw-r--r-- | Jellyfin.Server/Models/ServerCorsPolicy.cs | 43 |
1 files changed, 30 insertions, 13 deletions
diff --git a/Jellyfin.Server/Models/ServerCorsPolicy.cs b/Jellyfin.Server/Models/ServerCorsPolicy.cs index ae010c042..3a45db3b4 100644 --- a/Jellyfin.Server/Models/ServerCorsPolicy.cs +++ b/Jellyfin.Server/Models/ServerCorsPolicy.cs @@ -1,30 +1,47 @@ -using Microsoft.AspNetCore.Cors.Infrastructure; +using System; +using Microsoft.AspNetCore.Cors.Infrastructure; namespace Jellyfin.Server.Models { /// <summary> /// Server Cors Policy. /// </summary> - public static class ServerCorsPolicy + public class ServerCorsPolicy { /// <summary> /// Default policy name. /// </summary> - public const string DefaultPolicyName = "DefaultCorsPolicy"; + public const string DefaultPolicyName = nameof(ServerCorsPolicy); /// <summary> - /// Default Policy. Allow Everything. + /// Initializes a new instance of the <see cref="ServerCorsPolicy"/> class. /// </summary> - public static readonly CorsPolicy DefaultPolicy = new CorsPolicy + /// <param name="corsHosts">The configured cors hosts.</param> + public ServerCorsPolicy(string[] corsHosts) { - // Allow any origin - Origins = { "*" }, + var builder = new CorsPolicyBuilder() + .AllowAnyMethod() + .AllowAnyHeader(); - // Allow any method - Methods = { "*" }, + // No hosts configured or only default configured. + if (corsHosts.Length == 0 + || (corsHosts.Length == 1 + && string.Equals(corsHosts[0], "*", StringComparison.Ordinal))) + { + builder.AllowAnyOrigin(); + } + else + { + builder.WithOrigins(corsHosts) + .AllowCredentials(); + } - // Allow any header - Headers = { "*" } - }; + Policy = builder.Build(); + } + + /// <summary> + /// Gets the cors policy. + /// </summary> + public CorsPolicy Policy { get; } } -}
\ No newline at end of file +} |