From 5eb0006588c8899f0b2ce7900f20e14acfeb977e Mon Sep 17 00:00:00 2001
From: Luke Pulverenti
Date: Sat, 13 Jun 2015 00:14:48 -0400
Subject: [PATCH] add xframe setting
---
 .../Configuration/ServerConfiguration.cs | 3 +
 .../HttpServer/HttpListenerHost.cs | 12 ++--
 .../HttpServer/ResponseFilter.cs | 10 ++-
 .../HttpServer/ServerFactory.cs | 9 ++-
 .../ApplicationHost.cs | 2 +-
 .../Api/DashboardService.cs | 63 ++++++++++++++++++-
 .../Api/PackageCreator.cs | 1 -
 .../MediaBrowser.WebDashboard.csproj | 3 +
 8 files changed, 91 insertions(+), 12 deletions(-)
diff --git a/MediaBrowser.Model/Configuration/ServerConfiguration.cs b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
index a0a7fc90d5..ec9e6e10ff 100644
--- a/MediaBrowser.Model/Configuration/ServerConfiguration.cs
+++ b/MediaBrowser.Model/Configuration/ServerConfiguration.cs
@@ -208,6 +208,8 @@ namespace MediaBrowser.Model.Configuration
 public bool EnableVideoArchiveFiles { get; set; }
 public int RemoteClientBitrateLimit { get; set; }
+ public bool DenyIFrameEmbedding { get; set; }
+
 ///
 /// Initializes a new instance of the class.
 ///
@@ -224,6 +226,7 @@ namespace MediaBrowser.Model.Configuration
 EnableDashboardResourceMinification = true;
 EnableAutomaticRestart = true;
+ DenyIFrameEmbedding = true;
 EnableUPnP = true;
diff --git a/MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs b/MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs
index dc9656f80d..556fda1cdf 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs
@@ -1,6 +1,7 @@
 using Funq;
 using MediaBrowser.Common;
 using MediaBrowser.Common.Extensions;
+using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Net;
 using MediaBrowser.Model.Logging;
 using MediaBrowser.Server.Implementations.HttpServer.SocketSharp;
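Review bot: `DenyIFrameEmbedding` in the first ServerConfiguration.cs hunk has no doc comment, although it is the switch for the server's clickjacking protection. A summary such as `/// <summary>When true, responses carry X-Frame-Options: DENY; setting it to false lets any site frame the web interface.</summary>` would tell an administrator what turning it off exposes. The constructor default of `true` in the second hunk keeps the previous always-on behaviour for a fresh configuration; whether a saved configuration file that lacks the element also resolves to `true` depends on the serializer, which is not visible here.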
@@ -43,6 +44,8 @@ namespace MediaBrowser.Server.Implementations.HttpServer
 public string CertificatePath { get; private set; }
+ private readonly IServerConfigurationManager _config;
+
 ///
 /// Gets the local end points.
 ///
@@ -62,13 +65,14 @@ namespace MediaBrowser.Server.Implementations.HttpServer
 }
 public HttpListenerHost(IApplicationHost applicationHost,
- ILogManager logManager,
+ ILogManager logManager,
+ IServerConfigurationManager config,
 string serviceName,
- string defaultRedirectPath,
- params Assembly[] assembliesWithServices)
+ string defaultRedirectPath, params Assembly[] assembliesWithServices)
 : base(serviceName, assembliesWithServices)
 {
 DefaultRedirectPath = defaultRedirectPath;
+ _config = config;
 _logger = logManager.GetLogger("HttpServer");
@@ -115,7 +119,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer
 }
 });
- HostContext.GlobalResponseFilters.Add(new ResponseFilter(_logger).FilterResponse);
+ HostContext.GlobalResponseFilters.Add(new ResponseFilter(_logger, () => _config.Configuration.DenyIFrameEmbedding).FilterResponse);
 }
 public override void OnAfterInit()
diff --git a/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs b/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
index 7490d62d63..f9184f6d1d 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
@@ -12,10 +12,12 @@ namespace MediaBrowser.Server.Implementations.HttpServer
 {
 private static readonly CultureInfo UsCulture = new CultureInfo("en-US");
 private readonly ILogger _logger;
+ private readonly Func _denyIframeEmbedding;
- public ResponseFilter(ILogger logger)
+ public ResponseFilter(ILogger logger, Func denyIframeEmbedding)
 {
 _logger = logger;
+ _denyIframeEmbedding = denyIframeEmbedding;
 }
 ///
@@ -28,7 +30,11 @@ namespace MediaBrowser.Server.Implementations.HttpServer
 {
 // Try to prevent compatibility view
 res.AddHeader("X-UA-Compatible", "IE=Edge");
- res.AddHeader("X-Frame-Options", "DENY");
+
+ if (_denyIframeEmbedding())
+ {
+ res.AddHeader("X-Frame-Options", "DENY");
+ }
 var exception = dto as Exception;
diff --git a/MediaBrowser.Server.Implementations/HttpServer/ServerFactory.cs b/MediaBrowser.Server.Implementations/HttpServer/ServerFactory.cs
index d1222ab746..4d81ec157e 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/ServerFactory.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/ServerFactory.cs
@@ -1,4 +1,5 @@
 using MediaBrowser.Common;
+using MediaBrowser.Controller.Configuration;
 using MediaBrowser.Controller.Net;
 using MediaBrowser.Model.Logging;
 using ServiceStack.Logging;
@@ -15,17 +16,19 @@ namespace MediaBrowser.Server.Implementations.HttpServer
 ///
 /// The application host.
 /// The log manager.
+ /// The configuration.
 /// Name of the server.
 /// The default redirectpath.
 /// IHttpServer.
- public static IHttpServer CreateServer(IApplicationHost applicationHost,
- ILogManager logManager,
+ public static IHttpServer CreateServer(IApplicationHost applicationHost,
+ ILogManager logManager,
+ IServerConfigurationManager config,
 string serverName,
 string defaultRedirectpath)
 {
 LogManager.LogFactory = new ServerLogFactory(logManager);
- return new HttpListenerHost(applicationHost, logManager, serverName, defaultRedirectpath);
+ return new HttpListenerHost(applicationHost, logManager, config, serverName, defaultRedirectpath);
 }
 }
 }
diff --git a/MediaBrowser.Server.Startup.Common/ApplicationHost.cs b/MediaBrowser.Server.Startup.Common/ApplicationHost.cs
index 0a5624bdfe..398db48e18 100644
--- a/MediaBrowser.Server.Startup.Common/ApplicationHost.cs
+++ b/MediaBrowser.Server.Startup.Common/ApplicationHost.cs
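Review bot: With the setting off, the guarded `res.AddHeader("X-Frame-Options", "DENY")` in the ResponseFilter.cs hunk is skipped and nothing replaces it, so every response passing through this global filter, presumably including the authenticated dashboard pages, can be framed by any origin. The toggle is all-or-nothing; if the aim is to permit embedding in a known portal, a configured list of allowed origins emitted as `Content-Security-Policy: frame-ancestors <origins>` keeps the protection against everyone else. Where the portal is served from the same origin, `else { res.AddHeader("X-Frame-Options", "SAMEORIGIN"); }` is enough. The enclosing method starts and ends outside the hunk.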
@@ -431,7 +431,7 @@ namespace MediaBrowser.Server.Startup.Common
 RegisterSingleInstance(() => new SearchEngine(LogManager, LibraryManager, UserManager));
- HttpServer = ServerFactory.CreateServer(this, LogManager, "Emby", "web/index.html");
+ HttpServer = ServerFactory.CreateServer(this, LogManager, ServerConfigurationManager, "Emby", "web/index.html");
 RegisterSingleInstance(HttpServer, false);
 progress.Report(10);
diff --git a/MediaBrowser.WebDashboard/Api/DashboardService.cs b/MediaBrowser.WebDashboard/Api/DashboardService.cs
index 18f75939c6..72744f249c 100644
--- a/MediaBrowser.WebDashboard/Api/DashboardService.cs
+++ b/MediaBrowser.WebDashboard/Api/DashboardService.cs
@@ -1,4 +1,5 @@
-using MediaBrowser.Common.Extensions;
+using System.Text;
+using MediaBrowser.Common.Extensions;
 using MediaBrowser.Common.IO;
 using MediaBrowser.Controller;
 using MediaBrowser.Controller.Configuration;
@@ -16,6 +17,7 @@ using System.Collections.Generic;
 using System.IO;
 using System.Linq;
 using System.Threading.Tasks;
+using WebMarkupMin.Core.Minifiers;
 namespace MediaBrowser.WebDashboard.Api
 {
@@ -308,6 +310,11 @@ namespace MediaBrowser.WebDashboard.Api
 File.Delete(Path.Combine(path, "thirdparty", "jquerymobile-1.4.5", "jquery.mobile-1.4.5.min.map"));
 }
+ MinifyCssDirectory(Path.Combine(path, "css"));
+ MinifyJsDirectory(Path.Combine(path, "scripts"));
+ MinifyJsDirectory(Path.Combine(path, "thirdparty", "apiclient"));
+ MinifyJsDirectory(Path.Combine(path, "voice"));
+
 await DumpHtml(creator.DashboardUIPath, path, mode, culture, appVersion);
 await DumpJs(creator.DashboardUIPath, path, mode, culture, appVersion);
@@ -317,6 +324,60 @@ namespace MediaBrowser.WebDashboard.Api
 return "";
 }
+ private void MinifyCssDirectory(string path)
+ {
+ foreach (var file in Directory.GetFiles(path, "*.css", SearchOption.AllDirectories))
+ {
+ try
+ {
+ var text = File.ReadAllText(file, Encoding.UTF8);
+
+ var result = new KristensenCssMinifier().Minify(text, false, Encoding.UTF8);
+
+ if (result.Errors.Count > 0)
+ {
+ Logger.Error("Error minifying css: " + result.Errors[0].Message);
+ }
+ else
+ {
+ text = result.MinifiedContent;
+ File.WriteAllText(file, text, Encoding.UTF8);
+ }
+ }
+ catch (Exception ex)
+ {
+ Logger.ErrorException("Error minifying css", ex);
+ }
+ }
+ }
+
+ private void MinifyJsDirectory(string path)
+ {
+ foreach (var file in Directory.GetFiles(path, "*.js", SearchOption.AllDirectories))
+ {
+ try
+ {
+ var text = File.ReadAllText(file, Encoding.UTF8);
+
+ var result = new CrockfordJsMinifier().Minify(text, false, Encoding.UTF8);
+
+ if (result.Errors.Count > 0)
+ {
+ Logger.Error("Error minifying javascript: " + result.Errors[0].Message);
+ }
+ else
+ {
+ text = result.MinifiedContent;
+ File.WriteAllText(file, text, Encoding.UTF8);
+ }
+ }
+ catch (Exception ex)
+ {
+ Logger.ErrorException("Error minifying css", ex);
+ }
+ }
+ }
+
 private async Task DumpHtml(string source, string destination, string mode, string culture, string appVersion)
 {
 foreach (var file in Directory.GetFiles(source, "*.html", SearchOption.TopDirectoryOnly))
diff --git a/MediaBrowser.WebDashboard/Api/PackageCreator.cs b/MediaBrowser.WebDashboard/Api/PackageCreator.cs
index 3a8be79407..dd1eba9a56 100644
--- a/MediaBrowser.WebDashboard/Api/PackageCreator.cs
+++ b/MediaBrowser.WebDashboard/Api/PackageCreator.cs
@@ -548,7 +548,6 @@ namespace MediaBrowser.WebDashboard.Api
 "nowplayingbar.js",
 "alphapicker.js",
 "directorybrowser.js",
- "indexpage.js",
 "moviecollections.js",
 "notifications.js",
 "remotecontrol.js",
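Review bot: The `catch` in `MinifyJsDirectory` logs "Error minifying css", copied from the CSS method, so a JavaScript failure is misreported in the log; it should read `Logger.ErrorException("Error minifying javascript: " + file, ex);`, and the other log calls in both methods would be easier to act on with the file name included as well. `Directory.GetFiles` sits outside the `try` in both methods, so a directory that does not exist (the `voice` path passed in the -308 hunk is one candidate) throws straight out to the caller instead of being logged; `if (!Directory.Exists(path)) return;` at the top of each method avoids that. The two methods differ only in the search pattern and the minifier type and could share one private helper. The calling method's body lies outside these hunks, so how it handles the propagated exception is not visible.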
diff --git a/MediaBrowser.WebDashboard/MediaBrowser.WebDashboard.csproj b/MediaBrowser.WebDashboard/MediaBrowser.WebDashboard.csproj index 2636d36d03..73d957145e 100644 --- a/MediaBrowser.WebDashboard/MediaBrowser.WebDashboard.csproj +++ b/MediaBrowser.WebDashboard/MediaBrowser.WebDashboard.csproj @@ -120,6 +120,9 @@ PreserveNewest + + PreserveNewest + PreserveNewest