diff --git a/DeepDrftContent/Program.cs b/DeepDrftContent/Program.cs index 4ac767f..15de146 100644 --- a/DeepDrftContent/Program.cs +++ b/DeepDrftContent/Program.cs @@ -2,6 +2,7 @@ using DeepDrftContent; using DeepDrftContent.FileDatabase.Services; using DeepDrftContent.Middleware; using DeepDrftContent.Models; +using Microsoft.AspNetCore.HttpOverrides; var builder = WebApplication.CreateBuilder(args); @@ -35,13 +36,34 @@ builder.Configuration.AddJsonFile("environment/apikey.json", optional: false, re var apiKeySettings = builder.Configuration.GetSection(nameof(ApiKeySettings)).Get(); if (apiKeySettings is null) { throw new Exception("API key settings are not configured"); } +// Configure forwarded headers for reverse proxy support +builder.Services.Configure(options => +{ + options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost; + // Trust any proxy (nginx) - in production, specify known proxy networks + options.KnownNetworks.Clear(); + options.KnownProxies.Clear(); +}); + var app = builder.Build(); // Configure the HTTP request pipeline. +// Use forwarded headers before other middleware +app.UseForwardedHeaders(); + if (app.Environment.IsDevelopment()) { app.MapOpenApi(); } +else +{ + // Only use HTTPS redirection if not behind a reverse proxy + var forwardedProto = app.Services.GetService()?["ForwardedHeaders:DisableHttpsRedirection"]; + if (string.IsNullOrEmpty(forwardedProto) || !bool.Parse(forwardedProto)) + { + app.UseHttpsRedirection(); + } +} app.UseCors("ContentApiPolicy"); app.UseApiKeyAuthentication(apiKeySettings.ApiKey); diff --git a/DeepDrftContent/appsettings.json b/DeepDrftContent/appsettings.json index 3c8444f..81f1929 100644 --- a/DeepDrftContent/appsettings.json +++ b/DeepDrftContent/appsettings.json 
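Review bot: In the second Program.cs hunk, clearing both `options.KnownNetworks` and `options.KnownProxies` makes the middleware accept `X-Forwarded-For`, `X-Forwarded-Proto` and `X-Forwarded-Host` from any peer, so the client IP, scheme and host the app sees become caller-controlled wherever the service is reachable without passing through nginx. That affects anything downstream that logs or decides on the remote address, and `XForwardedHost` is enabled while appsettings.json keeps `"AllowedHosts": "*"`. If nginx runs on the same machine, deleting the two `Clear()` calls keeps the framework's loopback-only defaults; otherwise register the proxy explicitly, e.g. `options.KnownProxies.Add(System.Net.IPAddress.Parse("<proxy-ip-placeholder>"));`, and drop `ForwardedHeaders.XForwardedHost` unless the app needs it. Separately, the redirection flag can be read as `app.Configuration.GetValue<bool>("ForwardedHeaders:DisableHttpsRedirection")`, which avoids the misleadingly named `forwardedProto` local and the `bool.Parse` that throws on a malformed value.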
@@ -7,6 +7,13 @@ }, "AllowedHosts": "*", "CorsSettings": { - "AllowedOrigins": [] + "AllowedOrigins": [ + "https://localhost:12778", + "https://deepdrft.com", + "https://www.deepdrft.com" + ] + }, + "ForwardedHeaders": { + "DisableHttpsRedirection": "true" } } diff --git a/DeepDrftWeb.Client/Clients/TrackMediaClient.cs b/DeepDrftWeb.Client/Clients/TrackMediaClient.cs index 6204fbb..dd64bc8 100644 --- a/DeepDrftWeb.Client/Clients/TrackMediaClient.cs +++ b/DeepDrftWeb.Client/Clients/TrackMediaClient.cs @@ -25,7 +25,7 @@ public class TrackMediaClient public async Task GetTrackMedia(string trackId) { - var response = await _http.GetAsync($"api/track/{trackId}"); + var response = await _http.GetAsync($"track/{trackId}"); response.EnsureSuccessStatusCode(); var contentLength = response.Content.Headers.ContentLength ?? 0; diff --git a/DeepDrftWeb.Client/Pages/TracksView.razor b/DeepDrftWeb.Client/Pages/TracksView.razor index a69a31a..b16c1a5 100644 --- a/DeepDrftWeb.Client/Pages/TracksView.razor +++ b/DeepDrftWeb.Client/Pages/TracksView.razor @@ -13,14 +13,12 @@ SelectedTrack="_selectedTrack" SelectedTrackChanged="@PlayTrack"/> -
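Review bot: In the appsettings.json hunk, `"DisableHttpsRedirection": "true"` sits in the base settings file, so the `else` branch added in Program.cs never calls `UseHttpsRedirection()` in any non-development environment unless something overrides it, including a deployment reached without the reverse proxy. Keeping the base value as `"DisableHttpsRedirection": false` and turning it on only in the proxy deployment's environment-specific settings or an environment variable would leave redirect-on as the default. The same applies to `"https://localhost:12778"` in `AllowedOrigins`: a development origin in the base file is also allowed by CORS in production, so it would be better placed in the development settings file.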
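Review bot: In the TrackMediaClient.cs hunk, `trackId` is interpolated into the request path unescaped, so a value containing `/`, `?`, `#` or `..` changes which path is requested instead of being treated as one identifier. If `trackId` can ever originate from route or user input, escape it at the call, `var response = await _http.GetAsync($"track/{Uri.EscapeDataString(trackId)}");`, or validate it against the expected id format before the request. The body of `GetTrackMedia` continues outside the hunk, so any validation done later in the method is not visible here.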