Fixed: Don't set cookies for static resources

Closes #4356
Radarr · Mar 8, 2021 · 6619350 · 6619350
1 parent efd9fe9
commit 6619350
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 0 deletions.
diff --git a/src/Sonarr.Http/Authentication/AuthenticationService.cs b/src/Sonarr.Http/Authentication/AuthenticationService.cs
@@ -6,6 +6,7 @@
 using Nancy;
 using Nancy.Authentication.Basic;
 using Nancy.Authentication.Forms;
+using Nancy.Routing.Trie.Nodes;
 using NLog;
 using NzbDrone.Common.Extensions;
 using NzbDrone.Core.Authentication;
@@ -161,6 +162,11 @@ public bool IsAuthenticated(NancyContext context)
                 return true;
             }
 
+            if (context.Request.IsBundledJsRequest())
+            {
+                return true;
+            }
+
             if (ValidUser(context))
             {
                 return true;

diff --git a/src/Sonarr.Http/Extensions/Pipelines/SetCookieHeaderPipeline.cs b/src/Sonarr.Http/Extensions/Pipelines/SetCookieHeaderPipeline.cs
@@ -0,0 +1,30 @@
+using System;
+using System.Linq;
+using Nancy;
+using Nancy.Bootstrapper;
+
+namespace Sonarr.Http.Extensions.Pipelines
+{
+    public class SetCookieHeaderPipeline : IRegisterNancyPipeline
+    {
+        public int Order => 99;
+
+        public void Register(IPipelines pipelines)
+        {
+            pipelines.AfterRequest.AddItemToEndOfPipeline((Action<NancyContext>) Handle);
+        }
+
+        private void Handle(NancyContext context)
+        {
+            if (context.Request.IsContentRequest() || context.Request.IsBundledJsRequest())
+            {
+                var authCookie = context.Response.Cookies.FirstOrDefault(c => c.Name == "SonarrAuth");
+
+                if (authCookie != null)
+                {
+                    context.Response.Cookies.Remove(authCookie);
+                }
+            }
+        }
+    }
+}
diff --git a/src/Sonarr.Http/Extensions/RequestExtensions.cs b/src/Sonarr.Http/Extensions/RequestExtensions.cs
@@ -40,6 +40,11 @@ public static bool IsContentRequest(this Request request)
             return request.Path.StartsWith("/Content/", StringComparison.InvariantCultureIgnoreCase);
         }
 
+        public static bool IsBundledJsRequest(this Request request)
+        {
+            return !request.Path.EqualsIgnoreCase("/initialize.js") && request.Path.EndsWith(".js", StringComparison.InvariantCultureIgnoreCase);
+        }
+
         public static bool IsSharedContentRequest(this Request request)
         {
             return request.Path.StartsWith("/MediaCover/", StringComparison.InvariantCultureIgnoreCase) ||