Adding security headers. Cleaning up.

Kyoo/ClientApp/src/app/player/player.component.ts

@@ -43,6 +43,8 @@ export class PlayerComponent implements OnInit
 	playMethod: method;
 
 	private player: HTMLVideoElement;
+	private dashPlayer: dashjs.MediaPlayerClass = MediaPlayer().create();
+	private dashPlayerInitialized: boolean = false;
 	private thumb: HTMLElement;
 	private progress: HTMLElement;
 	private buffered: HTMLElement;
@@ -355,7 +357,6 @@ export class PlayerComponent implements OnInit
 	init()
 	{
 		let queryMethod: string = this.route.snapshot.queryParams["method"];
-		console.log("Query method: " + queryMethod);
 		if (queryMethod)
 			this.playMethod = method[queryMethod];
     else
@@ -380,19 +381,22 @@ export class PlayerComponent implements OnInit
 
 	selectPlayMethod()
 	{
+		if (this.dashPlayerInitialized)
+		  this.dashPlayer.reset();
 		if (this.playMethod == method.direct)
 		{
 			this.player.src = "/video/" + this.item.link;
+			this.dashPlayerInitialized = false;
 		}
 		else if (this.playMethod == method.transmux)
 		{
-			var dashPlayer = MediaPlayer().create();
+			this.dashPlayer.initialize(this.player, "/video/transmux/" + this.item.link + "/", true);
-			dashPlayer.initialize(this.player, "/video/transmux/" + this.item.link + "/", true);
+			this.dashPlayerInitialized = true;
 		}
 		else
 		{
-			var dashPlayer = MediaPlayer().create();
+			this.dashPlayer.initialize(this.player, "/video/transcode/" + this.item.link + "/", true);
-			dashPlayer.initialize(this.player, "/video/transcode/" + this.item.link + "/", true);
+			this.dashPlayerInitialized = true;
 		}
 	}
 

Kyoo/ClientApp/src/index.html

@@ -8,7 +8,6 @@
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <meta name="theme-color" content="#000000" />
     <link rel="icon" type="image/x-icon" href="favicon.ico">
-    <script>window.VIDEOJS_NO_DYNAMIC_STYLE = true</script>
   </head>
   <body>
     <app-root></app-root>

Kyoo/InternalAPI/Transcoder/Transcoder.cs

@@ -53,13 +53,13 @@ namespace Kyoo.InternalAPI
             if (File.Exists(manifest))
                 return manifest;
             // Added an await and removed the while -> await because the dynamic dash file can't be played for now (maybe ffmpeg doesn't process in the playback order).
-            await Task.Run(() => 
+            /*await */Task.Run(() => 
             { 
                 transmuxFailed = TranscoderAPI.transmux(episode.Path, manifest.Replace('\\', '/'), out playableDuration) != 0;
-                playableDuration = float.MaxValue;
+                //playableDuration = float.MaxValue;
             });
-            //while (playableDuration < 20 || (!File.Exists(manifest) && !transmuxFailed))
+            while (playableDuration < 20 || (!File.Exists(manifest) && !transmuxFailed))
-            //    await Task.Delay(10);
+                await Task.Delay(10);
             return transmuxFailed ? null : manifest;
         }
 

Kyoo/Program.cs

@@ -13,7 +13,7 @@ namespace Kyoo
 
         public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
             WebHost.CreateDefaultBuilder(args)
-                .UseKestrel()
+                .UseKestrel((config) => { config.AddServerHeader = false; })
                 .UseUrls("http://*:5000")
                 .UseStartup<Startup>();
     }

Kyoo/Startup.cs

@@ -53,6 +53,19 @@ namespace Kyoo
                 app.UseHsts();
             }
 
+            app.Use((ctx, next) => 
+            {
+                ctx.Response.Headers.Remove("X-Powered-By");
+                ctx.Response.Headers.Remove("Server");
+                ctx.Response.Headers.Add("Feature-Policy", "autoplay 'self'; fullscreen");
+                ctx.Response.Headers.Add("Content-Security-Policy", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'");
+                ctx.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN");
+                ctx.Response.Headers.Add("Referrer-Policy", "no-referrer");
+                ctx.Response.Headers.Add("Access-Control-Allow-Origin", "null");
+                ctx.Response.Headers.Add("X-Content-Type-Options", "nosniff");
+                return next();
+            });
+
             //app.UseHttpsRedirection();
             app.UseStaticFiles();
             app.UseSpaStaticFiles();