From 6619350f87a8f6ddedfea0cc8ca5b1e9ab006091 Mon Sep 17 00:00:00 2001 From: Mark McDowall Date: Sun, 7 Mar 2021 14:51:13 -0800 Subject: [PATCH] Fixed: Don't set cookies for static resources Closes #4356 --- .../Authentication/AuthenticationService.cs | 6 ++++ .../Pipelines/SetCookieHeaderPipeline.cs | 30 +++++++++++++++++++ .../Extensions/RequestExtensions.cs | 5 ++++ 3 files changed, 41 insertions(+) create mode 100644 src/Sonarr.Http/Extensions/Pipelines/SetCookieHeaderPipeline.cs diff --git a/src/Sonarr.Http/Authentication/AuthenticationService.cs b/src/Sonarr.Http/Authentication/AuthenticationService.cs index 08b1cf03a..2778e8828 100644 --- a/src/Sonarr.Http/Authentication/AuthenticationService.cs +++ b/src/Sonarr.Http/Authentication/AuthenticationService.cs @@ -6,6 +6,7 @@ using System.Security.Principal; using Nancy; using Nancy.Authentication.Basic; using Nancy.Authentication.Forms; +using Nancy.Routing.Trie.Nodes; using NLog; using NzbDrone.Common.Extensions; using NzbDrone.Core.Authentication; @@ -161,6 +162,11 @@ namespace Sonarr.Http.Authentication return true; } + if (context.Request.IsBundledJsRequest()) + { + return true; + } + if (ValidUser(context)) { return true; diff --git a/src/Sonarr.Http/Extensions/Pipelines/SetCookieHeaderPipeline.cs b/src/Sonarr.Http/Extensions/Pipelines/SetCookieHeaderPipeline.cs new file mode 100644 index 000000000..a23bdef17 --- /dev/null +++ b/src/Sonarr.Http/Extensions/Pipelines/SetCookieHeaderPipeline.cs @@ -0,0 +1,30 @@ +using System; +using System.Linq; +using Nancy; +using Nancy.Bootstrapper; + +namespace Sonarr.Http.Extensions.Pipelines +{ + public class SetCookieHeaderPipeline : IRegisterNancyPipeline + { + public int Order => 99; + + public void Register(IPipelines pipelines) + { + pipelines.AfterRequest.AddItemToEndOfPipeline((Action) Handle); + } + + private void Handle(NancyContext context) + { + if (context.Request.IsContentRequest() || context.Request.IsBundledJsRequest()) + { + var authCookie = context.Response.Cookies.FirstOrDefault(c => c.Name == "SonarrAuth"); + + if (authCookie != null) + { + context.Response.Cookies.Remove(authCookie); + } + } + } + } +} \ No newline at end of file diff --git a/src/Sonarr.Http/Extensions/RequestExtensions.cs b/src/Sonarr.Http/Extensions/RequestExtensions.cs index 87a3d4c0f..807401164 100644 --- a/src/Sonarr.Http/Extensions/RequestExtensions.cs +++ b/src/Sonarr.Http/Extensions/RequestExtensions.cs @@ -40,6 +40,11 @@ namespace Sonarr.Http.Extensions return request.Path.StartsWith("/Content/", StringComparison.InvariantCultureIgnoreCase); } + public static bool IsBundledJsRequest(this Request request) + { + return !request.Path.EqualsIgnoreCase("/initialize.js") && request.Path.EndsWith(".js", StringComparison.InvariantCultureIgnoreCase); + } + public static bool IsSharedContentRequest(this Request request) { return request.Path.StartsWith("/MediaCover/", StringComparison.InvariantCultureIgnoreCase) ||