[PR #3218] [MERGED] Enable CORS and Authentation #9378

New Issue

Closed

opened 2026-02-07 06:01:08 +03:00 by OVERLORD · 0 comments

OVERLORD commented 2026-02-07 06:01:08 +03:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/jellyfin/jellyfin/pull/3218
Author: @crobibero
Created: 6/1/2020
Status: ✅ Merged
Merged: 6/9/2020
Merged by: @dkanada

Base: api-migration ← Head: api-cors

---

📝 Commits (4)

• b944b8f Enable CORS and Authentication.
• e30a850 Remove log spam when using legacy api
• 2476848 Fix tests
• 6be8625 Merge remote-tracking branch 'upstream/api-migration' into api-cors

📊 Changes

7 files changed (+62 additions, -5 deletions)

View changed files

📝 Emby.Server.Implementations/HttpServer/Security/AuthService.cs (+6 -0)
📝 Jellyfin.Api/Auth/CustomAuthenticationHandler.cs (+9 -2)
📝 Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs (+7 -1)
➕ Jellyfin.Server/Models/ServerCorsPolicy.cs (+30 -0)
📝 Jellyfin.Server/Startup.cs (+3 -1)
📝 MediaBrowser.Controller/Net/AuthenticatedAttribute.cs (+4 -0)
📝 tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs (+3 -1)

📄 Description

Currently the logfile spams this: Jellyfin.Api.Auth.CustomAuthenticationHandler: CustomAuthentication was not authenticated. Failure message: Access token is required.
but authentication doesn't work without the call to app.UseAuthentication();

CORS is currently set to allow any Origin, Method, and Header.

Fixes #3161

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/jellyfin/jellyfin/pull/3218 **Author:** [@crobibero](https://github.com/crobibero) **Created:** 6/1/2020 **Status:** ✅ Merged **Merged:** 6/9/2020 **Merged by:** [@dkanada](https://github.com/dkanada) **Base:** `api-migration` ← **Head:** `api-cors` --- ### 📝 Commits (4) - [`b944b8f`](https://github.com/jellyfin/jellyfin/commit/b944b8f8c54963f61eee5eeb97cd1745ae42ac50) Enable CORS and Authentication. - [`e30a850`](https://github.com/jellyfin/jellyfin/commit/e30a85025f3d0f8b936827613239da7c2c2387c2) Remove log spam when using legacy api - [`2476848`](https://github.com/jellyfin/jellyfin/commit/2476848dd3d69252c5bc8b45a4eddf545354a0c0) Fix tests - [`6be8625`](https://github.com/jellyfin/jellyfin/commit/6be862545ae76eb454b91601f08745e7b46dcd28) Merge remote-tracking branch 'upstream/api-migration' into api-cors ### 📊 Changes **7 files changed** (+62 additions, -5 deletions) <details> <summary>View changed files</summary> 📝 `Emby.Server.Implementations/HttpServer/Security/AuthService.cs` (+6 -0) 📝 `Jellyfin.Api/Auth/CustomAuthenticationHandler.cs` (+9 -2) 📝 `Jellyfin.Server/Extensions/ApiServiceCollectionExtensions.cs` (+7 -1) ➕ `Jellyfin.Server/Models/ServerCorsPolicy.cs` (+30 -0) 📝 `Jellyfin.Server/Startup.cs` (+3 -1) 📝 `MediaBrowser.Controller/Net/AuthenticatedAttribute.cs` (+4 -0) 📝 `tests/Jellyfin.Api.Tests/Auth/CustomAuthenticationHandlerTests.cs` (+3 -1) </details> ### 📄 Description ~~Currently the logfile spams this: `Jellyfin.Api.Auth.CustomAuthenticationHandler: CustomAuthentication was not authenticated. Failure message: Access token is required.` but authentication doesn't work without the call to `app.UseAuthentication();`~~ CORS is currently set to allow any Origin, Method, and Header. Fixes #3161 --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

OVERLORD added the pull-request label 2026-02-07 06:01:08 +03:00

OVERLORD closed this issue 2026-02-07 06:01:10 +03:00

OVERLORD referenced this issue 2026-02-07 06:50:43 +03:00

[PR #9505] Fix #9378 #12141

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

release-10.11.z

renovate/skiasharp-monorepo

JPVenson-patch-1

renovate/morestachio-5.x

release-10.9.z

openapi-cache

release-10.10.z

explicit-load

explicit-load-v2

feature/entity-framework

only-count-folder-item

fix/ci-workflow-refactor

release-10.8.z

release-10.7.z

EraYaN-add-management-interface

release-10.6.z

release-10.5.z

release-10.4.z

release-10.3.z

release-10.2.z

release-10.1.0

v10.11.6

v10.11.5

v10.11.4

v10.11.3

v10.11.2

v10.11.1

v10.11.0

v10.11.0-rc9

v10.11.0-rc8

v10.11.0-rc7

v10.11.0-rc6

v10.11.0-rc5

v10.11.0-rc4

v10.11.0-rc3

v10.11.0-rc2

v10.11.0-rc1

v10.10.7

v10.10.6

v10.10.5

v10.10.4

v10.10.3

v10.10.2

v10.10.1

v10.10.0

v10.9.11

v10.9.10

v10.9.9

v10.9.8

v10.9.7

v10.9.6

v10.9.5

v10.9.4

v10.9.3

v10.9.2

v10.9.1

v10.9.0

v10.8.13

v10.8.12

v10.8.11

v10.8.10

v10.8.9

v10.8.8

v10.8.7

v10.8.6

v10.8.5

v10.8.4

v10.8.3

v10.8.2

v10.8.1

v10.8.0

v10.8.0-beta3

v10.8.0-beta2

v10.8.0-beta1

v10.8.0-alpha5

v10.8.0-alpha4

v10.8.0-alpha3

v10.8.0-alpha2

v10.8.0-alpha1

v10.7.7

v10.7.6

v10.7.5

v10.7.4

v10.7.3

v10.7.2

v10.7.1

v10.7.0

v10.7.0-rc4

v10.7.0-rc3

v10.7.0-rc2

v10.7.0-rc1

v10.6.4

v10.6.3

v10.6.2

v10.6.1

v10.6.0

v10.5.5

v10.5.4

v10.5.3

v10.5.2

v10.5.1

v10.5.0

v10.4.3

v10.4.2

v10.4.1

v10.4.0

v10.3.7

v10.3.6

v10.3.5

v10.3.4

v10.3.3

v10.3.2

v10.3.1

v10.3.0

v10.3.0-rc2

v10.3.0-rc1

v10.2.2

v10.2.1

v10.2.0

v10.1.0

v10.0.1

v10.0.0

v10.0.2

v3.5.2-5

Labels

Clear labels

EFjellyfin.db

area:database

awaiting-feedback

backend

blocked

breaking change: web api

bug

build

ci

confirmed

discussion needed

dotnet future

downstream

duplicate

enhancement

feature

future

github-actions

good first issue

hdr

help wanted

invalid

investigation

librarydb

live-tv

lyrics

media playback

music

needs testing

nuget

performance

platform

pull-request

Mirrored from GitHub Pull Request

question

regression

release critical

requires-web

roadmap

security

security

stale

support

syncplay

ui & ux

upstream

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/jellyfin#9378