You can implement other solutions to limit access to a specific whitelist of acceptable domains. That generally won't work for Brightcove players, because in many cases assets will reside on multiple domains. The wildcard can also be replaced by one specific domain. In the example above the asterisks acts as a wild card and allows access to all domains. conf file: Header set Access-Control-Allow-Origin "*" You can set a header in the configuration of Apache servers to enable CORS. Header add Access-Control-Allow-Origin: : This is the access control header itself to allow content from the indicated domain.Header set Access-Control-Allow-Headers: X-Requested-With: This header is required for the Access-Control-Allow-Origin header to work, since the request the player is making is an XmlHttpRequest.Testing has confirmed that this header is not sent with images or other http-delivered content. : This conditional sets the Access-Control-Allow-Origin header only on vtt or xml files.The following provides brief explanations of the directive: Header set Access-Control-Allow-Headers: X-Requested-With It’s important to note that since different CDN partners use different server solutions to deliver their content, the header information below is offered as an example, and not as a drop-in code snippet.īrightcove has had success with the following header directive for in-house CDN server's properties: The solution that Brightcove is using at this time involves configuring an Access-Control-Allow-Origin header in the CDN origin server’s configuration file. Video Still and Thumbnail Images: for capturing video still and thumbnail images in Studio, the video rendition must be served with CORS headers (which should be enabled on most of Brightcove's house CDNs by default) if you have a custom CDN, or one we haven't updated yet, image capture will not work.This will again cause cross-domain issues. Since these HLS resources can be stored on any Internet accessible domain, it is likely these resources will be served from a different server (typically a CDN domain) than from the Brightcove domain that served the player. Brightcove Player and HLS: The Brightcove Player's HLS plugin uses AJAX requests to retrieve the HLS video's manifest and individual segments.Since the video itself will be served from a Brightcove domain, this will cause cross-domain issues. Captions for videos: The file that contains captions for a video can be stored on a non-Brightcove domain.There are three instances when CORS must be used with Brightcove services/products: Note that CORS is not enabled by or related to crossdomain.xml, which a mechanism for enabling cross-domain requests for Flash applications. CORS defines a way domains can interact to determine whether or not to allow a cross-origin requests. Normally cross-domain requests would otherwise be forbidden by web browsers. OverviewĬross-origin resource sharing (CORS) is a mechanism that allows a web page to make requests to another domain other than the one from which the page was served. Understanding CORS In this topic, you will learn about CORS and constraints built into the Web regarding cross-origin referencing of assets such as videos, images, and scripts.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |