open-source-mirrors
/
jellyfin
mirror of https://github.com/jellyfin/jellyfin
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add xframe setting

Browse Source
pull/702/head
Luke Pulverenti 9 years ago
parent b04ee97822
commit 5eb0006588
8 changed files with 91 additions and 12 deletions
Show Stats Download Patch File Download Diff File

3
MediaBrowser.Model/Configuration/ServerConfiguration.cs
Unescape View File

@ -208,6 +208,8 @@ namespace MediaBrowser.Model.Configuration
public bool EnableVideoArchiveFiles { get; set; }
public int RemoteClientBitrateLimit { get; set; }
public bool DenyIFrameEmbedding { get; set; }
/// <summary>
/// Initializes a new instance of the <see cref="ServerConfiguration" /> class.
/// </summary>
@ -224,6 +226,7 @@ namespace MediaBrowser.Model.Configuration
EnableDashboardResourceMinification = true;
EnableAutomaticRestart = true;
DenyIFrameEmbedding = true;
EnableUPnP = true;

12
MediaBrowser.Server.Implementations/HttpServer/HttpListenerHost.cs
Unescape View File

@ -1,6 +1,7 @@
using Funq;
using MediaBrowser.Common;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Net;
using MediaBrowser.Model.Logging;
using MediaBrowser.Server.Implementations.HttpServer.SocketSharp;
@ -43,6 +44,8 @@ namespace MediaBrowser.Server.Implementations.HttpServer
public string CertificatePath { get; private set; }
private readonly IServerConfigurationManager _config;
/// <summary>
/// Gets the local end points.
/// </summary>
@ -62,13 +65,14 @@ namespace MediaBrowser.Server.Implementations.HttpServer
}
public HttpListenerHost(IApplicationHost applicationHost,
ILogManager logManager,
ILogManager logManager,
IServerConfigurationManager config,
string serviceName,
string defaultRedirectPath,
params Assembly[] assembliesWithServices)
string defaultRedirectPath, params Assembly[] assembliesWithServices)
: base(serviceName, assembliesWithServices)
{
DefaultRedirectPath = defaultRedirectPath;
_config = config;
_logger = logManager.GetLogger("HttpServer");
@ -115,7 +119,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer
}
});
HostContext.GlobalResponseFilters.Add(new ResponseFilter(_logger).FilterResponse);
HostContext.GlobalResponseFilters.Add(new ResponseFilter(_logger, () => _config.Configuration.DenyIFrameEmbedding).FilterResponse);
}
public override void OnAfterInit()

10
MediaBrowser.Server.Implementations/HttpServer/ResponseFilter.cs
Unescape View File

@ -12,10 +12,12 @@ namespace MediaBrowser.Server.Implementations.HttpServer
{
private static readonly CultureInfo UsCulture = new CultureInfo("en-US");
private readonly ILogger _logger;
private readonly Func<bool> _denyIframeEmbedding;
public ResponseFilter(ILogger logger)
public ResponseFilter(ILogger logger, Func<bool> denyIframeEmbedding)
{
_logger = logger;
_denyIframeEmbedding = denyIframeEmbedding;
}
/// <summary>
@ -28,7 +30,11 @@ namespace MediaBrowser.Server.Implementations.HttpServer
{
// Try to prevent compatibility view
res.AddHeader("X-UA-Compatible", "IE=Edge");
res.AddHeader("X-Frame-Options", "DENY");
if (_denyIframeEmbedding())
{
res.AddHeader("X-Frame-Options", "DENY");
}
var exception = dto as Exception;

9
MediaBrowser.Server.Implementations/HttpServer/ServerFactory.cs
Unescape View File

@ -1,4 +1,5 @@
using MediaBrowser.Common;
using MediaBrowser.Controller.Configuration;
using MediaBrowser.Controller.Net;
using MediaBrowser.Model.Logging;
using ServiceStack.Logging;
@ -15,17 +16,19 @@ namespace MediaBrowser.Server.Implementations.HttpServer
/// </summary>
/// <param name="applicationHost">The application host.</param>
/// <param name="logManager">The log manager.</param>
/// <param name="config">The configuration.</param>
/// <param name="serverName">Name of the server.</param>
/// <param name="defaultRedirectpath">The default redirectpath.</param>
/// <returns>IHttpServer.</returns>
public static IHttpServer CreateServer(IApplicationHost applicationHost,
ILogManager logManager,
public static IHttpServer CreateServer(IApplicationHost applicationHost,
ILogManager logManager,
IServerConfigurationManager config,
string serverName,
string defaultRedirectpath)
{
LogManager.LogFactory = new ServerLogFactory(logManager);
return new HttpListenerHost(applicationHost, logManager, serverName, defaultRedirectpath);
return new HttpListenerHost(applicationHost, logManager, config, serverName, defaultRedirectpath);
}
}
}

2
MediaBrowser.Server.Startup.Common/ApplicationHost.cs
Unescape View File

@ -431,7 +431,7 @@ namespace MediaBrowser.Server.Startup.Common
RegisterSingleInstance<ISearchEngine>(() => new SearchEngine(LogManager, LibraryManager, UserManager));
HttpServer = ServerFactory.CreateServer(this, LogManager, "Emby", "web/index.html");
HttpServer = ServerFactory.CreateServer(this, LogManager, ServerConfigurationManager, "Emby", "web/index.html");
RegisterSingleInstance(HttpServer, false);
progress.Report(10);

63
MediaBrowser.WebDashboard/Api/DashboardService.cs
Unescape View File

@ -1,4 +1,5 @@
using MediaBrowser.Common.Extensions;
using System.Text;
using MediaBrowser.Common.Extensions;
using MediaBrowser.Common.IO;
using MediaBrowser.Controller;
using MediaBrowser.Controller.Configuration;
@ -16,6 +17,7 @@ using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using WebMarkupMin.Core.Minifiers;
namespace MediaBrowser.WebDashboard.Api
{
@ -308,6 +310,11 @@ namespace MediaBrowser.WebDashboard.Api
File.Delete(Path.Combine(path, "thirdparty", "jquerymobile-1.4.5", "jquery.mobile-1.4.5.min.map"));
}
MinifyCssDirectory(Path.Combine(path, "css"));
MinifyJsDirectory(Path.Combine(path, "scripts"));
MinifyJsDirectory(Path.Combine(path, "thirdparty", "apiclient"));
MinifyJsDirectory(Path.Combine(path, "voice"));
await DumpHtml(creator.DashboardUIPath, path, mode, culture, appVersion);
await DumpJs(creator.DashboardUIPath, path, mode, culture, appVersion);
@ -317,6 +324,60 @@ namespace MediaBrowser.WebDashboard.Api
return "";
}
private void MinifyCssDirectory(string path)
{
foreach (var file in Directory.GetFiles(path, "*.css", SearchOption.AllDirectories))
{
try
{
var text = File.ReadAllText(file, Encoding.UTF8);
var result = new KristensenCssMinifier().Minify(text, false, Encoding.UTF8);
if (result.Errors.Count > 0)
{
Logger.Error("Error minifying css: " + result.Errors[0].Message);
}
else
{
text = result.MinifiedContent;
File.WriteAllText(file, text, Encoding.UTF8);
}
}
catch (Exception ex)
{
Logger.ErrorException("Error minifying css", ex);
}
}
}
private void MinifyJsDirectory(string path)
{
foreach (var file in Directory.GetFiles(path, "*.js", SearchOption.AllDirectories))
{
try
{
var text = File.ReadAllText(file, Encoding.UTF8);
var result = new CrockfordJsMinifier().Minify(text, false, Encoding.UTF8);
if (result.Errors.Count > 0)
{
Logger.Error("Error minifying javascript: " + result.Errors[0].Message);
}
else
{
text = result.MinifiedContent;
File.WriteAllText(file, text, Encoding.UTF8);
}
}
catch (Exception ex)
{
Logger.ErrorException("Error minifying css", ex);
}
}
}
private async Task DumpHtml(string source, string destination, string mode, string culture, string appVersion)
{
foreach (var file in Directory.GetFiles(source, "*.html", SearchOption.TopDirectoryOnly))

1
MediaBrowser.WebDashboard/Api/PackageCreator.cs
Unescape View File

@ -548,7 +548,6 @@ namespace MediaBrowser.WebDashboard.Api
"nowplayingbar.js",
"alphapicker.js",
"directorybrowser.js",
"indexpage.js",
"moviecollections.js",
"notifications.js",
"remotecontrol.js",

3
MediaBrowser.WebDashboard/MediaBrowser.WebDashboard.csproj
Unescape View File

@ -120,6 +120,9 @@
<Content Include="dashboard-ui\scripts\htmlmediarenderer.js">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</Content>
<Content Include="dashboard-ui\scripts\sections.js">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</Content>
<Content Include="dashboard-ui\thirdparty\apiclient\localassetmanager.js">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</Content>

Write Preview
Loading…
Cancel
Save