diff --git a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
index 8dcce93a45..65db331555 100644
--- a/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
+++ b/Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs
@@ -16,12 +16,13 @@ using Jellyfin.Api.Auth.RequiresElevationPolicy;
using Jellyfin.Api.Constants;
using Jellyfin.Api.Controllers;
using Jellyfin.Server.Formatters;
-using Jellyfin.Server.Models;
+using Jellyfin.Server.Middleware;
using MediaBrowser.Common.Json;
using MediaBrowser.Model.Entities;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Cors.Infrastructure;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.OpenApi.Models;
@@ -134,18 +135,15 @@ namespace Jellyfin.Server.Extensions
///
/// The service collection.
/// An IEnumerable containing all plugin assemblies with API controllers.
- /// /// The configured cors hosts.
+ /// ///
/// The MVC builder.
public static IMvcBuilder AddJellyfinApi(
this IServiceCollection serviceCollection,
- IEnumerable pluginAssemblies,
- string[] corsHosts)
+ IEnumerable pluginAssemblies)
{
IMvcBuilder mvcBuilder = serviceCollection
- .AddCors(options =>
- {
- options.AddPolicy(ServerCorsPolicy.DefaultPolicyName, new ServerCorsPolicy(corsHosts).Policy);
- })
+ .AddCors()
+ .AddTransient()
.Configure(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
diff --git a/Jellyfin.Server/Middleware/CorsPolicyProvider.cs b/Jellyfin.Server/Middleware/CorsPolicyProvider.cs
index 7c2b28ed8f..02178e29c7 100644
--- a/Jellyfin.Server/Middleware/CorsPolicyProvider.cs
+++ b/Jellyfin.Server/Middleware/CorsPolicyProvider.cs
@@ -1,7 +1,49 @@
-namespace Jellyfin.Server.Middleware
+using System;
+using System.Threading.Tasks;
+using MediaBrowser.Controller.Configuration;
+using Microsoft.AspNetCore.Cors.Infrastructure;
+using Microsoft.AspNetCore.Http;
+
+namespace Jellyfin.Server.Middleware
{
- public class CorsPolicyProvider
+ ///
+ /// Cors policy provider.
+ ///
+ public class CorsPolicyProvider : ICorsPolicyProvider
{
-
+ private readonly IServerConfigurationManager _serverConfigurationManager;
+
+ ///
+ /// Initializes a new instance of the class.
+ ///
+ /// Instance of the interface.
+ public CorsPolicyProvider(IServerConfigurationManager serverConfigurationManager)
+ {
+ _serverConfigurationManager = serverConfigurationManager;
+ }
+
+ ///
+ public Task GetPolicyAsync(HttpContext context, string policyName)
+ {
+ var corsHosts = _serverConfigurationManager.Configuration.CorsHosts;
+ var builder = new CorsPolicyBuilder()
+ .AllowAnyMethod()
+ .AllowAnyHeader();
+
+ // No hosts configured or only default configured.
+ if (corsHosts.Length == 0
+ || (corsHosts.Length == 1
+ && string.Equals(corsHosts[0], CorsConstants.AnyOrigin, StringComparison.Ordinal)))
+ {
+ builder.AllowAnyOrigin();
+ }
+ else
+ {
+ builder.WithOrigins(corsHosts)
+ .AllowCredentials();
+ }
+
+ return Task.FromResult(builder.Build());
+ }
}
}
diff --git a/Jellyfin.Server/Models/ServerCorsPolicy.cs b/Jellyfin.Server/Models/ServerCorsPolicy.cs
deleted file mode 100644
index 3a45db3b44..0000000000
--- a/Jellyfin.Server/Models/ServerCorsPolicy.cs
+++ /dev/null
@@ -1,47 +0,0 @@
-using System;
-using Microsoft.AspNetCore.Cors.Infrastructure;
-
-namespace Jellyfin.Server.Models
-{
- ///
- /// Server Cors Policy.
- ///
- public class ServerCorsPolicy
- {
- ///
- /// Default policy name.
- ///
- public const string DefaultPolicyName = nameof(ServerCorsPolicy);
-
- ///
- /// Initializes a new instance of the class.
- ///
- /// The configured cors hosts.
- public ServerCorsPolicy(string[] corsHosts)
- {
- var builder = new CorsPolicyBuilder()
- .AllowAnyMethod()
- .AllowAnyHeader();
-
- // No hosts configured or only default configured.
- if (corsHosts.Length == 0
- || (corsHosts.Length == 1
- && string.Equals(corsHosts[0], "*", StringComparison.Ordinal)))
- {
- builder.AllowAnyOrigin();
- }
- else
- {
- builder.WithOrigins(corsHosts)
- .AllowCredentials();
- }
-
- Policy = builder.Build();
- }
-
- ///
- /// Gets the cors policy.
- ///
- public CorsPolicy Policy { get; }
- }
-}
diff --git a/Jellyfin.Server/Startup.cs b/Jellyfin.Server/Startup.cs
index 5601915a33..16629b5d95 100644
--- a/Jellyfin.Server/Startup.cs
+++ b/Jellyfin.Server/Startup.cs
@@ -5,7 +5,6 @@ using Jellyfin.Api.TypeConverters;
using Jellyfin.Server.Extensions;
using Jellyfin.Server.Implementations;
using Jellyfin.Server.Middleware;
-using Jellyfin.Server.Models;
using MediaBrowser.Common.Net;
using MediaBrowser.Controller;
using MediaBrowser.Controller.Configuration;
@@ -53,9 +52,7 @@ namespace Jellyfin.Server
{
options.HttpsPort = _serverApplicationHost.HttpsPort;
});
- services.AddJellyfinApi(
- _serverApplicationHost.GetApiPluginAssemblies(),
- _serverConfigurationManager.Configuration.CorsHosts);
+ services.AddJellyfinApi(_serverApplicationHost.GetApiPluginAssemblies());
services.AddJellyfinApiSwagger();
@@ -118,7 +115,7 @@ namespace Jellyfin.Server
mainApp.UseResponseCompression();
- mainApp.UseCors(ServerCorsPolicy.DefaultPolicyName);
+ mainApp.UseCors();
if (_serverConfigurationManager.Configuration.RequireHttps
&& _serverApplicationHost.ListenWithHttps)