Cutlery/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-08-07 09:01:31 -04:00
Code Issues Packages Projects Releases Wiki Activity

CORS

Browse Source
This commit is contained in:
Vito0912 2025-08-03 13:52:58 +02:00
parent 3337b3af18
commit 6a52d2a968
No known key found for this signature in database
GPG Key ID: A0F767011D6093A2
3 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
client/pages/config/index.vue
View File

@ -144,6 +144,10 @@
<ui-dropdown :label="$strings.LabelLanguageDefaultServer" ref="langDropdown" v-model="newServerSettings.language" :items="$languageCodeOptions" small class="max-w-52" @input="updateServerLanguage" />
</div>
<div class="py-2">
<ui-multi-select v-model="newServerSettings.allowedOrigins" :items="newServerSettings.allowedOrigins" label="Allowed Cors" class="max-w-52" @input="updateCorsOrigins" />
</div>
<!-- old experimental features -->
<!-- <div class="pt-4">
<h2 class="font-semibold">{{ $strings.HeaderSettingsExperimental }}</h2>
@ -323,6 +327,26 @@ export default {
updateServerLanguage(val) {
this.updateSettingsKey('language', val)
},
updateCorsOrigins(val) {
const containsInvalid = val.some((origin) => {
try {
new URL(origin)
return false
} catch {
return true
}
})
if (containsInvalid) {
this.$toast.error('Invalid CORS origin')
this.newServerSettings.allowedOrigins = val.map((origin) => origin.trim().toLowerCase())
return
}
this.newServerSettings.allowedOrigins = val.map((origin) => origin.trim().toLowerCase())
this.updateSettingsKey('allowedOrigins', this.newServerSettings.allowedOrigins)
},
updateSettingsKey(key, val) {
if (key === 'scannerDisableWatcher') {
this.newServerSettings.scannerDisableWatcher = val
@ -352,6 +376,7 @@ export default {
initServerSettings() {
this.newServerSettings = this.serverSettings ? { ...this.serverSettings } : {}
this.newServerSettings.sortingPrefixes = [...(this.newServerSettings.sortingPrefixes || [])]
this.newServerSettings.allowedOrigins = [...(this.newServerSettings.allowedOrigins || [])]
this.scannerEnableWatcher = !this.newServerSettings.scannerDisableWatcher
this.homepageUseBookshelfView = this.newServerSettings.homeBookshelfView != this.$constants.BookshelfView.DETAIL

4
server/Server.js
View File

@ -240,8 +240,8 @@ class Server {
* Running in development allows cors to allow testing the mobile apps in the browser
* or env variable ALLOW_CORS = '1'
*/
if (global.AllowCors || Logger.isDev || req.path.match(/\/api\/items\/([a-z0-9-]{36})\/(ebook|cover)(\/[0-9]+)?/)) {
const allowedOrigins = ['capacitor://localhost', 'http://localhost']
if (global.AllowCors || Logger.isDev || req.path.match(/\/api\/items\/([a-z0-9-]{36})\/(ebook|cover)(\/[0-9]+)?/) || global.ServerSettings.allowedOrigins?.length) {
const allowedOrigins = ['capacitor://localhost', 'http://localhost', ...(global.ServerSettings.allowedOrigins ? global.ServerSettings.allowedOrigins : [])]
if (global.AllowCors || Logger.isDev || allowedOrigins.some((o) => o === req.get('origin'))) {
res.header('Access-Control-Allow-Origin', req.get('origin'))
res.header('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, DELETE, OPTIONS')

3
server/objects/settings/ServerSettings.js
View File

@ -53,6 +53,7 @@ class ServerSettings {
this.dateFormat = 'MM/dd/yyyy'
this.timeFormat = 'HH:mm'
this.language = 'en-us'
this.allowedOrigins = []
this.logLevel = Logger.logLevel
@ -120,6 +121,7 @@ class ServerSettings {
this.dateFormat = settings.dateFormat || 'MM/dd/yyyy'
this.timeFormat = settings.timeFormat || 'HH:mm'
this.language = settings.language || 'en-us'
this.allowedOrigins = settings.allowedOrigins || []
this.logLevel = settings.logLevel || Logger.logLevel
this.version = settings.version || null
this.buildNumber = settings.buildNumber || 0 // Added v2.4.5
@ -231,6 +233,7 @@ class ServerSettings {
dateFormat: this.dateFormat,
timeFormat: this.timeFormat,
language: this.language,
allowedOrigins: this.allowedOrigins,
logLevel: this.logLevel,
version: this.version,
buildNumber: this.buildNumber,