This pull request improves authentication handling and environment-specific configuration in the Listenarr API. The main changes enhance logout logic to better support multiple authentication types, refactor CORS and forwarded headers setup for safer production and easier development, and clarify HTTPS redirection responsibilities. These updates make the application more robust when deployed behind a reverse proxy and simplify local development.
Authentication improvements:
- Enhanced the
Logoutendpoint inAccountController.csto distinguish between cookie-based and API key authentication, provide more detailed logging, and return clearer responses.
Environment-aware configuration:
- Refactored CORS setup in
Program.csto only enable CORS for local development environments, relying on the reverse proxy for CORS in production. Added support for additional localhost origins. [1] [2] - Updated forwarded headers configuration to only forward essential headers (
X-Forwarded-For,X-Forwarded-Proto), and cleared trusted proxies/networks for flexibility in controlled environments.
Reverse proxy compatibility:
- Removed HTTPS redirection from the application, clarifying that it should be handled by the reverse proxy.
Automated canary build