open-source-mirrors
/
Lidarr
mirror of https://github.com/Lidarr/Lidarr
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Improved handling of the Preflight OPTIONS request.

Browse Source
Taloth Saldono 7 years ago
parent 3ba61cd5aa
commit 5fae2ac66f
4 changed files with 77 additions and 22 deletions
Show Stats Download Patch File Download Diff File

4
src/NzbDrone.Api/Extensions/Pipelines/CacheHeaderPipeline.cs
Unescape View File

@ -23,6 +23,8 @@ namespace NzbDrone.Api.Extensions.Pipelines
private void Handle(NancyContext context) private void Handle(NancyContext context)
{ {
if (context.Request.Method == "OPTIONS") return;
if (_cacheableSpecification.IsCacheable(context)) if (_cacheableSpecification.IsCacheable(context))
{ {
context.Response.Headers.EnableCache(); context.Response.Headers.EnableCache();
@ -33,4 +35,4 @@ namespace NzbDrone.Api.Extensions.Pipelines
} }
} }
} }
} }

34
src/NzbDrone.Api/Extensions/Pipelines/CorsPipeline.cs
Unescape View File

@ -12,9 +12,24 @@ namespace NzbDrone.Api.Extensions.Pipelines
public void Register(IPipelines pipelines) public void Register(IPipelines pipelines)
{ {
pipelines.BeforeRequest.AddItemToEndOfPipeline(HandleRequest);
pipelines.AfterRequest.AddItemToEndOfPipeline(HandleResponse); pipelines.AfterRequest.AddItemToEndOfPipeline(HandleResponse);
} }
private Response HandleRequest(NancyContext context)
{
if (context == null || context.Request.Method != "OPTIONS")
{
return null;
}
var response = new Response()
.WithStatusCode(HttpStatusCode.OK)
.WithContentType("");
ApplyResponseHeaders(response, context.Request);
return response;
}
private void HandleResponse(NancyContext context) private void HandleResponse(NancyContext context)
{ {
if (context == null || context.Response.Headers.ContainsKey(AccessControlHeaders.AllowOrigin)) if (context == null || context.Response.Headers.ContainsKey(AccessControlHeaders.AllowOrigin))
@ -45,18 +60,21 @@ namespace NzbDrone.Api.Extensions.Pipelines
{ {
response.Headers.Add(AccessControlHeaders.AllowOrigin, allowOrigin); response.Headers.Add(AccessControlHeaders.AllowOrigin, allowOrigin);
if (response.Headers.ContainsKey("Allow")) if (request.Method == "OPTIONS")
{ {
allowedMethods = response.Headers["Allow"]; if (response.Headers.ContainsKey("Allow"))
} {
allowedMethods = response.Headers["Allow"];
}
response.Headers.Add(AccessControlHeaders.AllowMethods, allowedMethods); response.Headers.Add(AccessControlHeaders.AllowMethods, allowedMethods);
if (request.Headers[AccessControlHeaders.RequestHeaders].Any()) if (request.Headers[AccessControlHeaders.RequestHeaders].Any())
{ {
var requestedHeaders = request.Headers[AccessControlHeaders.RequestHeaders].Join(", "); var requestedHeaders = request.Headers[AccessControlHeaders.RequestHeaders].Join(", ");
response.Headers.Add(AccessControlHeaders.AllowHeaders, requestedHeaders); response.Headers.Add(AccessControlHeaders.AllowHeaders, requestedHeaders);
}
} }
} }
} }

5
src/NzbDrone.Api/Extensions/Pipelines/GZipPipeline.cs
Unescape View File

@ -33,7 +33,8 @@ namespace NzbDrone.Api.Extensions.Pipelines
try try
{ {
if ( if (
!response.ContentType.Contains("image") response.Contents != Response.NoBody
&& !response.ContentType.Contains("image")
&& !response.ContentType.Contains("font") && !response.ContentType.Contains("font")
&& request.Headers.AcceptEncoding.Any(x => x.Contains("gzip")) && request.Headers.AcceptEncoding.Any(x => x.Contains("gzip"))
&& !AlreadyGzipEncoded(response) && !AlreadyGzipEncoded(response)
@ -80,4 +81,4 @@ namespace NzbDrone.Api.Extensions.Pipelines
return false; return false;
} }
} }
} }

56
src/NzbDrone.Integration.Test/CorsFixture.cs
Unescape View File

@ -8,30 +8,37 @@ namespace NzbDrone.Integration.Test
[TestFixture] [TestFixture]
public class CorsFixture : IntegrationTest public class CorsFixture : IntegrationTest
{ {
private RestRequest BuildRequest() private RestRequest BuildGet(string route = "series")
{ {
var request = new RestRequest("series"); var request = new RestRequest(route, Method.GET);
request.AddHeader(AccessControlHeaders.RequestMethod, "POST"); request.AddHeader(AccessControlHeaders.RequestMethod, "POST");
return request; return request;
} }
private RestRequest BuildOptions(string route = "series")
{
var request = new RestRequest(route, Method.OPTIONS);
return request;
}
[Test] [Test]
public void should_not_have_allow_headers_in_response_when_not_included_in_the_request() public void should_not_have_allow_headers_in_response_when_not_included_in_the_request()
{ {
var request = BuildRequest(); var request = BuildOptions();
var response = RestClient.Get(request); var response = RestClient.Execute(request);
response.Headers.Should().NotContain(h => h.Name == AccessControlHeaders.AllowHeaders); response.Headers.Should().NotContain(h => h.Name == AccessControlHeaders.AllowHeaders);
} }
[Test] [Test]
public void should_have_allow_headers_in_response_when_included_in_the_request() public void should_have_allow_headers_in_response_when_included_in_the_request()
{ {
var request = BuildRequest(); var request = BuildOptions();
request.AddHeader(AccessControlHeaders.RequestHeaders, "X-Test"); request.AddHeader(AccessControlHeaders.RequestHeaders, "X-Test");
var response = RestClient.Get(request); var response = RestClient.Execute(request);
response.Headers.Should().Contain(h => h.Name == AccessControlHeaders.AllowHeaders); response.Headers.Should().Contain(h => h.Name == AccessControlHeaders.AllowHeaders);
} }
@ -39,8 +46,8 @@ namespace NzbDrone.Integration.Test
[Test] [Test]
public void should_have_allow_origin_in_response() public void should_have_allow_origin_in_response()
{ {
var request = BuildRequest(); var request = BuildOptions();
var response = RestClient.Get(request); var response = RestClient.Execute(request);
response.Headers.Should().Contain(h => h.Name == AccessControlHeaders.AllowOrigin); response.Headers.Should().Contain(h => h.Name == AccessControlHeaders.AllowOrigin);
} }
@ -48,10 +55,37 @@ namespace NzbDrone.Integration.Test
[Test] [Test]
public void should_have_allow_methods_in_response() public void should_have_allow_methods_in_response()
{ {
var request = BuildRequest(); var request = BuildOptions();
var response = RestClient.Get(request); var response = RestClient.Execute(request);
response.Headers.Should().Contain(h => h.Name == AccessControlHeaders.AllowMethods); response.Headers.Should().Contain(h => h.Name == AccessControlHeaders.AllowMethods);
} }
[Test]
public void should_not_have_allow_methods_in_non_options_request()
{
var request = BuildGet();
var response = RestClient.Execute(request);
response.Headers.Should().NotContain(h => h.Name == AccessControlHeaders.AllowMethods);
}
[Test]
public void should_have_allow_origin_in_non_options_request()
{
var request = BuildGet();
var response = RestClient.Execute(request);
response.Headers.Should().Contain(h => h.Name == AccessControlHeaders.AllowOrigin);
}
[Test]
public void should_not_have_allow_origin_in_non_api_request()
{
var request = BuildGet("../abc");
var response = RestClient.Execute(request);
response.Headers.Should().NotContain(h => h.Name == AccessControlHeaders.AllowOrigin);
}
} }
} }

Write Preview
Loading…
Cancel
Save