Skip to content

Commit 7a5203d

Browse files
updated csrf authentication handling with redirect logging and headers
1 parent 6d6199e commit 7a5203d

1 file changed

Lines changed: 20 additions & 1 deletion

File tree

backend/Services/JellyseerrSessionService.cs

Lines changed: 20 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -127,10 +127,13 @@ private string GetSessionPath(Guid userId) =>
127127
using var handler = new HttpClientHandler
128128
{
129129
CookieContainer = cookieContainer,
130-
UseCookies = true
130+
UseCookies = true,
131+
AllowAutoRedirect = false
131132
};
132133
using var client = new HttpClient(handler);
133134
client.Timeout = TimeSpan.FromSeconds(15);
135+
client.DefaultRequestHeaders.TryAddWithoutValidation(
136+
"User-Agent", "Moonfin-Server");
134137

135138
var isLocal = string.Equals(authType, "local", StringComparison.OrdinalIgnoreCase);
136139
var authEndpoint = isLocal
@@ -149,13 +152,29 @@ private string GetSessionPath(Guid userId) =>
149152
var csrfToken = await FetchCsrfTokenAsync(client, jellyseerrUrl, cookieContainer);
150153

151154
var request = new HttpRequestMessage(HttpMethod.Post, authEndpoint) { Content = content };
155+
var originValue = new Uri(jellyseerrUrl).GetLeftPart(UriPartial.Authority);
156+
request.Headers.TryAddWithoutValidation("Origin", originValue);
157+
request.Headers.TryAddWithoutValidation("Referer", jellyseerrUrl.TrimEnd('/') + "/");
152158
if (!string.IsNullOrEmpty(csrfToken))
153159
{
154160
request.Headers.Add("X-CSRF-Token", csrfToken);
155161
}
156162

157163
var response = await client.SendAsync(request);
158164

165+
if ((int)response.StatusCode is >= 300 and < 400)
166+
{
167+
_logger.LogWarning(
168+
"Seerr auth redirected ({Status} -> {Location}) for user {Username}. " +
169+
"Check the Seerr URL configured in Moonfin matches the public address (scheme + sub-path).",
170+
response.StatusCode, response.Headers.Location?.ToString(), username);
171+
return new JellyseerrAuthResult
172+
{
173+
Success = false,
174+
Error = "Seerr redirected the login request. Verify the Seerr URL in Moonfin matches its public address (https and any sub-path)."
175+
};
176+
}
177+
159178
if (!response.IsSuccessStatusCode)
160179
{
161180
var errorBody = await response.Content.ReadAsStringAsync();

0 commit comments

Comments
 (0)