Fixed: Don't set cookies for static resources

(cherry picked from commit 6619350f87a8f6ddedfea0cc8ca5b1e9ab006091)
4 years ago · e8972f2273
parent 578ce25166
commit e8972f2273
3 changed files with 41 additions and 0 deletions
--- a/src/Radarr.Http/Authentication/AuthenticationService.cs
+++ b/src/Radarr.Http/Authentication/AuthenticationService.cs
@ -5,6 +5,7 @@ using System.Security.Principal;
 using Nancy;
 using Nancy.Authentication.Basic;
 using Nancy.Authentication.Forms;
+using Nancy.Routing.Trie.Nodes;
 using NLog;
 using NzbDrone.Common.Extensions;
 using NzbDrone.Core.Authentication;
@ -160,6 +161,11 @@ namespace Radarr.Http.Authentication
                return true;
            }

+            if (context.Request.IsBundledJsRequest())
+            {
+                return true;
+            }
+
            if (ValidUser(context))
            {
                return true;
--- a/src/Radarr.Http/Extensions/Pipelines/SetCookieHeaderPipeline.cs
+++ b/src/Radarr.Http/Extensions/Pipelines/SetCookieHeaderPipeline.cs
@ -0,0 +1,30 @@
+using System;
+using System.Linq;
+using Nancy;
+using Nancy.Bootstrapper;
+
+namespace Radarr.Http.Extensions.Pipelines
+{
+    public class SetCookieHeaderPipeline : IRegisterNancyPipeline
+    {
+        public int Order => 99;
+
+        public void Register(IPipelines pipelines)
+        {
+            pipelines.AfterRequest.AddItemToEndOfPipeline((Action<NancyContext>)Handle);
+        }
+
+        private void Handle(NancyContext context)
+        {
+            if (context.Request.IsContentRequest() || context.Request.IsBundledJsRequest())
+            {
+                var authCookie = context.Response.Cookies.FirstOrDefault(c => c.Name == "RadarrAuth");
+
+                if (authCookie != null)
+                {
+                    context.Response.Cookies.Remove(authCookie);
+                }
+            }
+        }
+    }
+}
--- a/src/Radarr.Http/Extensions/RequestExtensions.cs
+++ b/src/Radarr.Http/Extensions/RequestExtensions.cs
@ -40,6 +40,11 @@ namespace Radarr.Http.Extensions
            return request.Path.StartsWith("/Content/", StringComparison.InvariantCultureIgnoreCase);
        }

+        public static bool IsBundledJsRequest(this Request request)
+        {
+            return !request.Path.EqualsIgnoreCase("/initialize.js") && request.Path.EndsWith(".js", StringComparison.InvariantCultureIgnoreCase);
+        }
+
        public static bool IsSharedContentRequest(this Request request)
        {
            return request.Path.StartsWith("/MediaCover/", StringComparison.InvariantCultureIgnoreCase) ||