From df65e3ab0db8fd55a6a02b8c067565abc926136f Mon Sep 17 00:00:00 2001 From: ConfusedPolarBear <33811686+ConfusedPolarBear@users.noreply.github.com> Date: Sat, 2 May 2020 15:29:05 -0500 Subject: [PATCH 1/3] Add Access-Control-Allow-Origin header to exceptions Fixes #1794 --- Emby.Server.Implementations/HttpServer/HttpListenerHost.cs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs index 211a0c1d99..77878eacc9 100644 --- a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs +++ b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs @@ -542,6 +542,11 @@ namespace Emby.Server.Implementations.HttpServer var requestInnerEx = GetActualException(requestEx); var statusCode = GetStatusCode(requestInnerEx); + if (!httpRes.Headers.ContainsKey("Access-Control-Allow-Origin")) + { + httpRes.Headers.Add("Access-Control-Allow-Origin", "*"); + } + // Do not handle 500 server exceptions manually when in development mode // The framework-defined development exception page will be returned instead if (statusCode == 500 && _hostEnvironment.IsDevelopment()) From 85f04af04c7d33477df5486ae80b6fa9a2a2bfd7 Mon Sep 17 00:00:00 2001 From: ConfusedPolarBear <33811686+ConfusedPolarBear@users.noreply.github.com> Date: Mon, 18 May 2020 14:30:23 -0500 Subject: [PATCH 2/3] Reuse existing CORS function --- Emby.Server.Implementations/HttpServer/HttpListenerHost.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs index 9554b9f462..9a4e858a51 100644 --- a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs +++ b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs @@ -497,9 +497,9 @@ namespace Emby.Server.Implementations.HttpServer var requestInnerEx = GetActualException(requestEx); var statusCode = GetStatusCode(requestInnerEx); - if (!httpRes.Headers.ContainsKey("Access-Control-Allow-Origin")) + foreach (var (key, value) in GetDefaultCorsHeaders(httpReq)) { - httpRes.Headers.Add("Access-Control-Allow-Origin", "*"); + httpRes.Headers.Add(key, value); } bool ignoreStackTrace = From 949e4d3e64a73102d0a87c8b34918397a2cec303 Mon Sep 17 00:00:00 2001 From: ConfusedPolarBear <33811686+ConfusedPolarBear@users.noreply.github.com> Date: Mon, 18 May 2020 16:54:36 -0500 Subject: [PATCH 3/3] Apply suggestions from code review --- Emby.Server.Implementations/HttpServer/HttpListenerHost.cs | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs index 9a4e858a51..7de4f168c1 100644 --- a/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs +++ b/Emby.Server.Implementations/HttpServer/HttpListenerHost.cs @@ -499,7 +499,10 @@ namespace Emby.Server.Implementations.HttpServer foreach (var (key, value) in GetDefaultCorsHeaders(httpReq)) { - httpRes.Headers.Add(key, value); + if (!httpRes.Headers.ContainsKey(key)) + { + httpRes.Headers.Add(key, value); + } } bool ignoreStackTrace =