Fixed: Don't set cookies for static resources

Closes #4356
4 years ago · 6619350f87
parent efd9fe9ad0
commit 6619350f87
3 changed files with 41 additions and 0 deletions
--- a/src/Sonarr.Http/Authentication/AuthenticationService.cs
+++ b/src/Sonarr.Http/Authentication/AuthenticationService.cs
@ -6,6 +6,7 @@ using System.Security.Principal;
 using Nancy;
 using Nancy.Authentication.Basic;
 using Nancy.Authentication.Forms;
+using Nancy.Routing.Trie.Nodes;
 using NLog;
 using NzbDrone.Common.Extensions;
 using NzbDrone.Core.Authentication;
@ -161,6 +162,11 @@ namespace Sonarr.Http.Authentication
                return true;
            }

+            if (context.Request.IsBundledJsRequest())
+            {
+                return true;
+            }
+
            if (ValidUser(context))
            {
                return true;
--- a/src/Sonarr.Http/Extensions/Pipelines/SetCookieHeaderPipeline.cs
+++ b/src/Sonarr.Http/Extensions/Pipelines/SetCookieHeaderPipeline.cs
@ -0,0 +1,30 @@
+using System;
+using System.Linq;
+using Nancy;
+using Nancy.Bootstrapper;
+
+namespace Sonarr.Http.Extensions.Pipelines
+{
+    public class SetCookieHeaderPipeline : IRegisterNancyPipeline
+    {
+        public int Order => 99;
+
+        public void Register(IPipelines pipelines)
+        {
+            pipelines.AfterRequest.AddItemToEndOfPipeline((Action<NancyContext>) Handle);
+        }
+
+        private void Handle(NancyContext context)
+        {
+            if (context.Request.IsContentRequest() || context.Request.IsBundledJsRequest())
+            {
+                var authCookie = context.Response.Cookies.FirstOrDefault(c => c.Name == "SonarrAuth");
+
+                if (authCookie != null)
+                {
+                    context.Response.Cookies.Remove(authCookie);
+                }
+            }
+        }
+    }
+}
--- a/src/Sonarr.Http/Extensions/RequestExtensions.cs
+++ b/src/Sonarr.Http/Extensions/RequestExtensions.cs
@ -40,6 +40,11 @@ namespace Sonarr.Http.Extensions
            return request.Path.StartsWith("/Content/", StringComparison.InvariantCultureIgnoreCase);
        }

+        public static bool IsBundledJsRequest(this Request request)
+        {
+            return !request.Path.EqualsIgnoreCase("/initialize.js") && request.Path.EndsWith(".js", StringComparison.InvariantCultureIgnoreCase);
+        }
+
        public static bool IsSharedContentRequest(this Request request)
        {
            return request.Path.StartsWith("/MediaCover/", StringComparison.InvariantCultureIgnoreCase) ||