From a8601b379775180599cb935236fba4e5a89ee89d Mon Sep 17 00:00:00 2001
From: JPVenson <github@jpb.email>
Date: Mon, 9 Jun 2025 04:52:48 +0300
Subject: [PATCH] util forward headers on startup api (#14246)

---
 .../ApiServiceCollectionExtensions.cs         | 45 ++++++++++---------
 Jellyfin.Server/ServerSetupApp/SetupServer.cs | 10 ++++-
 2 files changed, 33 insertions(+), 22 deletions(-)

diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index 09a4e2ed31..3038841dfa 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -116,26 +116,7 @@ namespace Jellyfin.Server.Extensions
                 .AddTransient<ICorsPolicyProvider, CorsPolicyProvider>()
                 .Configure<ForwardedHeadersOptions>(options =>
                 {
-                    // https://github.com/dotnet/aspnetcore/blob/master/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs
-                    // Enable debug logging on Microsoft.AspNetCore.HttpOverrides.ForwardedHeadersMiddleware to help investigate issues.
-
-                    if (config.KnownProxies.Length == 0)
-                    {
-                        options.ForwardedHeaders = ForwardedHeaders.None;
-                        options.KnownNetworks.Clear();
-                        options.KnownProxies.Clear();
-                    }
-                    else
-                    {
-                        options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost;
-                        AddProxyAddresses(config, config.KnownProxies, options);
-                    }
-
-                    // Only set forward limit if we have some known proxies or some known networks.
-                    if (options.KnownProxies.Count != 0 || options.KnownNetworks.Count != 0)
-                    {
-                        options.ForwardLimit = null;
-                    }
+                    ConfigureForwardHeaders(config, options);
                 })
                 .AddMvc(opts =>
                 {
@@ -183,6 +164,30 @@ namespace Jellyfin.Server.Extensions
             return mvcBuilder.AddControllersAsServices();
         }
 
+        internal static void ConfigureForwardHeaders(NetworkConfiguration config, ForwardedHeadersOptions options)
+        {
+            // https://github.com/dotnet/aspnetcore/blob/master/src/Middleware/HttpOverrides/src/ForwardedHeadersMiddleware.cs
+            // Enable debug logging on Microsoft.AspNetCore.HttpOverrides.ForwardedHeadersMiddleware to help investigate issues.
+
+            if (config.KnownProxies.Length == 0)
+            {
+                options.ForwardedHeaders = ForwardedHeaders.None;
+                options.KnownNetworks.Clear();
+                options.KnownProxies.Clear();
+            }
+            else
+            {
+                options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost;
+                AddProxyAddresses(config, config.KnownProxies, options);
+            }
+
+            // Only set forward limit if we have some known proxies or some known networks.
+            if (options.KnownProxies.Count != 0 || options.KnownNetworks.Count != 0)
+            {
+                options.ForwardLimit = null;
+            }
+        }
+
         /// <summary>
         /// Adds Swagger to the service collection.
         /// </summary>
diff --git a/Jellyfin.Server/ServerSetupApp/SetupServer.cs b/Jellyfin.Server/ServerSetupApp/SetupServer.cs
index 6d58e3c4e1..43a966e9b4 100644
--- a/Jellyfin.Server/ServerSetupApp/SetupServer.cs
+++ b/Jellyfin.Server/ServerSetupApp/SetupServer.cs
@@ -10,6 +10,7 @@ using System.Threading.Tasks;
 using Emby.Server.Implementations.Configuration;
 using Emby.Server.Implementations.Serialization;
 using Jellyfin.Networking.Manager;
+using Jellyfin.Server.Extensions;
 using MediaBrowser.Common.Configuration;
 using MediaBrowser.Common.Net;
 using MediaBrowser.Controller;
@@ -18,6 +19,7 @@ using MediaBrowser.Model.System;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Diagnostics.HealthChecks;
@@ -138,19 +140,23 @@ public sealed class SetupServer : IDisposable
 
         ThrowIfDisposed();
         var retryAfterValue = TimeSpan.FromSeconds(5);
+        var config = _configurationManager.GetNetworkConfiguration()!;
         _startupServer = Host.CreateDefaultBuilder()
             .UseConsoleLifetime()
             .ConfigureServices(serv =>
             {
                 serv.AddHealthChecks()
                     .AddCheck<SetupHealthcheck>("StartupCheck");
+                serv.Configure<ForwardedHeadersOptions>(options =>
+                {
+                    ApiServiceCollectionExtensions.ConfigureForwardHeaders(config, options);
+                });
             })
             .ConfigureWebHostDefaults(webHostBuilder =>
                     {
                         webHostBuilder
                                 .UseKestrel((builderContext, options) =>
                                 {
-                                    var config = _configurationManager.GetNetworkConfiguration()!;
                                     var knownBindInterfaces = NetworkManager.GetInterfacesCore(_loggerFactory.CreateLogger<SetupServer>(), config.EnableIPv4, config.EnableIPv6);
                                     knownBindInterfaces = NetworkManager.FilterBindSettings(config, knownBindInterfaces.ToList(), config.EnableIPv4, config.EnableIPv6);
                                     var bindInterfaces = NetworkManager.GetAllBindInterfaces(false, _configurationManager, knownBindInterfaces, config.EnableIPv4, config.EnableIPv6);
@@ -168,7 +174,7 @@ public sealed class SetupServer : IDisposable
                                 .Configure(app =>
                                 {
                                     app.UseHealthChecks("/health");
-
+                                    app.UseForwardedHeaders();
                                     app.Map("/startup/logger", loggerRoute =>
                                     {
                                         loggerRoute.Run(async context =>