diff --git a/beetsplug/web/__init__.py b/beetsplug/web/__init__.py
index 9de44dcb4..efbc3a99d 100644
--- a/beetsplug/web/__init__.py
+++ b/beetsplug/web/__init__.py
@@ -341,6 +341,7 @@ class WebPlugin(BeetsPlugin):
 'host': u'127.0.0.1',
 'port': 8337,
 'cors': '',
+ 'cors_supports_credentials': False,
 'reverse_proxy': False,
 'include_paths': False,
 })
@@ -372,7 +373,12 @@ class WebPlugin(BeetsPlugin):
 app.config['CORS_RESOURCES'] = {
 r"/*": {"origins": self.config['cors'].get(str)}
 }
- CORS(app)
+ CORS(
+ app,
+ supports_credentials=self.config[
+ 'cors_supports_credentials'
+ ].get(bool)
+ )
 # Allow serving behind a reverse proxy
 if self.config['reverse_proxy']:
diff --git a/beetsplug/web/static/beets.js b/beetsplug/web/static/beets.js
index ec9aae9b3..51985c183 100644
--- a/beetsplug/web/static/beets.js
+++ b/beetsplug/web/static/beets.js
@@ -4,7 +4,7 @@ var timeFormat = function(secs) {
 return '0:00';
 }
 secs = Math.round(secs);
- var mins = '' + Math.round(secs / 60);
+ var mins = '' + Math.floor(secs / 60);
 secs = '' + (secs % 60);
 if (secs.length < 2) {
 secs = '0' + secs;
diff --git a/docs/changelog.rst b/docs/changelog.rst
index 3121b3394..a4dfd2cb4 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -15,6 +15,9 @@ New features: * :doc:`/plugins/fetchart`: extended syntax for the ``sources`` option to give fine-grained control over the search order for backends with several matching strategies.
+* :doc:`/plugins/web`: added the boolean ``cors_supports_credentials`` option to
+ allow in-browser clients to login to the beet web server even when it is
+ protected by an authorization mechanism.
 Fixes:
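Review bot: The new `CORS(app, supports_credentials=...)` call in `beetsplug/web/__init__.py` has no guard against `cors_supports_credentials: true` being combined with `cors: '*'`, which the plugin docs in this same commit still present as a usable origin setting. With credentials enabled a literal wildcard cannot be honoured by browsers, and flask-cors (depending on its version and `send_wildcard` setting) appears to either raise or echo back whatever `Origin` the request carried, in which case any site the user visits could read authenticated responses from the beets server. I would reject or at least warn about that combination before the call, e.g. `if self.config['cors_supports_credentials'].get(bool) and self.config['cors'].get(str) == '*':` followed by raising a configuration error, and state in `docs/plugins/web.rst` that the option requires an explicit origin. The enclosing method starts and ends outside the hunk, so the exact placement of the guard needs confirming against the full file.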
@@ -65,6 +68,9 @@ Fixes: * Importing a release with multiple release events now selects the event based on the order of your :ref:`preferred` countries rather than the order of release events in MusicBrainz. :bug:`2816`
+* :doc:`/plugins/web`: The time display in the web interface would incorrectly jump
+ at the 30-second mark of every minute. Now, it correctly changes over at zero
+ seconds. :bug:`2822`
 For developers:
diff --git a/docs/plugins/web.rst b/docs/plugins/web.rst
index 73a2b9147..35287acc8 100644
--- a/docs/plugins/web.rst
+++ b/docs/plugins/web.rst
@@ -63,6 +63,8 @@ configuration file. The available options are: Default: 8337. - **cors**: The CORS allowed origin (see :ref:`web-cors`, below). Default: CORS is disabled.
+- **cors_supports_credentials**: Support credentials when using CORS (see :ref:`web-cors`, below).
+ Default: CORS_SUPPORTS_CREDENTIALS is disabled.
 - **reverse_proxy**: If true, enable reverse proxy support (see :ref:`reverse-proxy`, below). Default: false.
@@ -100,13 +102,17 @@ default, browsers will only allow access from clients running on the same server as the API. (You will get an arcane error about ``XMLHttpRequest`` otherwise.) A technology called `CORS`_ lets you relax this restriction.
-If you want to use an in-browser client hosted elsewhere (or running from
-a different server on your machine), first install the `flask-cors`_ plugin by
-typing ``pip install flask-cors``. Then set the ``cors`` configuration option
-to the "origin" (protocol, host, and optional port number) where the client is
-served. Or set it to ``'*'`` to enable access from all origins. Note that
-there are security implications if you set the origin to ``'*'``, so please
-research this before using it.
+If you want to use an in-browser client hosted elsewhere (or running from a
+different server on your machine), first install the `flask-cors`_ plugin by
+typing ``pip install flask-cors``. Then set the ``cors`` configuration option to
+the "origin" (protocol, host, and optional port number) where the client is
+served. Or set it to ``'*'`` to enable access from all origins. Note that there
+are security implications if you set the origin to ``'*'``, so please research
+this before using it.
+
+If the ``web`` server is behind a proxy that uses credentials, you might want
+to set the ``cors_supports_credentials`` configuration option to true to let
+in-browser clients log in.
 For example::