Enable CORS and Authentication.

2025-07-09 03:04:24 -04:00 · 2020-06-01 11:03:08 -06:00 · 2020-06-01 11:03:08 -06:00 · b944b8f8c5
commit b944b8f8c5
parent 297ab2e423
3 changed files with 40 additions and 2 deletions
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@ -11,6 +11,7 @@ using Jellyfin.Api.Auth.RequiresElevationPolicy;
 using Jellyfin.Api.Constants;
 using Jellyfin.Api.Controllers;
 using Jellyfin.Server.Formatters;
+using Jellyfin.Server.Models;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.DependencyInjection;
@ -71,7 +72,12 @@ namespace Jellyfin.Server.Extensions
        /// <returns>The MVC builder.</returns>
        public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, string baseUrl)
        {
-            return serviceCollection.AddMvc(opts =>
+            return serviceCollection
+                .AddCors(options =>
+                {
+                    options.AddPolicy(ServerCorsPolicy.DefaultPolicyName, ServerCorsPolicy.DefaultPolicy);
+                })
+                .AddMvc(opts =>
                {
                    opts.UseGeneralRoutePrefix(baseUrl);
                    opts.OutputFormatters.Insert(0, new CamelCaseJsonProfileFormatter());
--- a/Jellyfin.Server/Models/ServerCorsPolicy.cs
+++ b/Jellyfin.Server/Models/ServerCorsPolicy.cs
@ -0,0 +1,30 @@
+using Microsoft.AspNetCore.Cors.Infrastructure;
+
+namespace Jellyfin.Server.Models
+{
+    /// <summary>
+    /// Server Cors Policy.
+    /// </summary>
+    public static class ServerCorsPolicy
+    {
+        /// <summary>
+        /// Default policy name.
+        /// </summary>
+        public const string DefaultPolicyName = "DefaultCorsPolicy";
+
+        /// <summary>
+        /// Default Policy. Allow Everything.
+        /// </summary>
+        public static readonly CorsPolicy DefaultPolicy = new CorsPolicy
+        {
+            // Allow any origin
+            Origins = { "*" },
+
+            // Allow any method
+            Methods = { "*" },
+
+            // Allow any header
+            Headers = { "*" }
+        };
+    }
+}
--- a/Jellyfin.Server/Startup.cs
+++ b/Jellyfin.Server/Startup.cs
@ -1,5 +1,6 @@
 using Jellyfin.Server.Extensions;
 using Jellyfin.Server.Middleware;
+using Jellyfin.Server.Models;
 using MediaBrowser.Controller;
 using MediaBrowser.Controller.Configuration;
 using Microsoft.AspNetCore.Builder;
@ -68,9 +69,10 @@ namespace Jellyfin.Server
            // TODO app.UseMiddleware<WebSocketMiddleware>();
            app.Use(serverApplicationHost.ExecuteWebsocketHandlerAsync);

-            // TODO use when old API is removed: app.UseAuthentication();
+            app.UseAuthentication();
            app.UseJellyfinApiSwagger(_serverConfigurationManager);
            app.UseRouting();
+            app.UseCors(ServerCorsPolicy.DefaultPolicyName);
            app.UseAuthorization();
            app.UseEndpoints(endpoints =>
            {