|  | @@ -2,6 +2,7 @@ using System;
 | 
	
		
			
				|  |  |  using System.Collections.Generic;
 | 
	
		
			
				|  |  |  using System.IO;
 | 
	
		
			
				|  |  |  using System.Linq;
 | 
	
		
			
				|  |  | +using System.Net;
 | 
	
		
			
				|  |  |  using System.Reflection;
 | 
	
		
			
				|  |  |  using Jellyfin.Api.Auth;
 | 
	
		
			
				|  |  |  using Jellyfin.Api.Auth.DefaultAuthorizationPolicy;
 | 
	
	
		
			
				|  | @@ -17,7 +18,6 @@ using Jellyfin.Api.Constants;
 | 
	
		
			
				|  |  |  using Jellyfin.Api.Controllers;
 | 
	
		
			
				|  |  |  using Jellyfin.Server.Configuration;
 | 
	
		
			
				|  |  |  using Jellyfin.Server.Formatters;
 | 
	
		
			
				|  |  | -using Jellyfin.Server.Middleware;
 | 
	
		
			
				|  |  |  using MediaBrowser.Common.Json;
 | 
	
		
			
				|  |  |  using MediaBrowser.Model.Entities;
 | 
	
		
			
				|  |  |  using Microsoft.AspNetCore.Authentication;
 | 
	
	
		
			
				|  | @@ -28,6 +28,7 @@ using Microsoft.AspNetCore.HttpOverrides;
 | 
	
		
			
				|  |  |  using Microsoft.Extensions.DependencyInjection;
 | 
	
		
			
				|  |  |  using Microsoft.OpenApi.Models;
 | 
	
		
			
				|  |  |  using Swashbuckle.AspNetCore.SwaggerGen;
 | 
	
		
			
				|  |  | +using AuthenticationSchemes = Jellyfin.Api.Constants.AuthenticationSchemes;
 | 
	
		
			
				|  |  |  
 | 
	
		
			
				|  |  |  namespace Jellyfin.Server.Extensions
 | 
	
		
			
				|  |  |  {
 | 
	
	
		
			
				|  | @@ -136,8 +137,9 @@ namespace Jellyfin.Server.Extensions
 | 
	
		
			
				|  |  |          /// </summary>
 | 
	
		
			
				|  |  |          /// <param name="serviceCollection">The service collection.</param>
 | 
	
		
			
				|  |  |          /// <param name="pluginAssemblies">An IEnumerable containing all plugin assemblies with API controllers.</param>
 | 
	
		
			
				|  |  | +        /// <param name="knownProxies">A list of all known proxies to trust for X-Forwarded-For.</param>
 | 
	
		
			
				|  |  |          /// <returns>The MVC builder.</returns>
 | 
	
		
			
				|  |  | -        public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, IEnumerable<Assembly> pluginAssemblies)
 | 
	
		
			
				|  |  | +        public static IMvcBuilder AddJellyfinApi(this IServiceCollection serviceCollection, IEnumerable<Assembly> pluginAssemblies, IReadOnlyList<string> knownProxies)
 | 
	
		
			
				|  |  |          {
 | 
	
		
			
				|  |  |              IMvcBuilder mvcBuilder = serviceCollection
 | 
	
		
			
				|  |  |                  .AddCors()
 | 
	
	
		
			
				|  | @@ -145,6 +147,13 @@ namespace Jellyfin.Server.Extensions
 | 
	
		
			
				|  |  |                  .Configure<ForwardedHeadersOptions>(options =>
 | 
	
		
			
				|  |  |                  {
 | 
	
		
			
				|  |  |                      options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
 | 
	
		
			
				|  |  | +                    for (var i = 0; i < knownProxies.Count; i++)
 | 
	
		
			
				|  |  | +                    {
 | 
	
		
			
				|  |  | +                        if (IPAddress.TryParse(knownProxies[i], out var address))
 | 
	
		
			
				|  |  | +                        {
 | 
	
		
			
				|  |  | +                            options.KnownProxies.Add(address);
 | 
	
		
			
				|  |  | +                        }
 | 
	
		
			
				|  |  | +                    }
 | 
	
		
			
				|  |  |                  })
 | 
	
		
			
				|  |  |                  .AddMvc(opts =>
 | 
	
		
			
				|  |  |                  {
 |