CrossDomains

Most browsers and players prohibit accessing other domain resources in the currently running domain. You can control this situation through Cross-Origin Resource Sharing (CORS) or Cross-Domain (CrossDomain). You can set CORS and Cross-Domain as <CrossDomains> element.

CrossDomain settings are available for HTTP-based APIs, HLS, LLHLS and Thumbnail Publishers and WebRTC Provider(WHIP).

<CrossDomains>
    <Url>*</Url>
    <Url>*.airensoft.com</Url>
    <Url>http://*.ovenplayer.com</Url>
    <Url>https://demo.ovenplayer.com</Url>
    <Header>
        <Key>Access-Control-Expose-Headers</Key>
        <Value>Date, Server, Content-Type, Content-Length</Value>
    </Header>
    <Header>
        <Key>custom-header</Key>
        <Value>airensoft</Value>
    </Header>
</CrossDomains>

You can set it using the <Url> element as shown above, and you can use the following values:

Url Value

Description

*

Allows requests from all Domains.

domain

Allows both HTTP and HTTPS requests from the specified Domain.

http://domain

Allows HTTP requests from the specified Domain.

https://domain

Allows HTTPS requests from the specified Domain.

You can respond with custom HTTP headers via <CrossDomains>. You can use them by adding multiple <Header>/<Key> and <Header>/<Value> as in the example above.

Default(Global) CORS Settings

If all Applications share the same CORS policy, you can configure CORS under <Server><Defaults><CrossDomains> to apply it globally. This default CORS setting is also applied to invalid requests, such as 400 Bad Request responses or requests to non-existent Applications.

<?xml version="1.0" encoding="UTF-8"?>
<Server version="8">
    <Name>OvenMediaEngine</Name>
    ... omitted ...

    <!-- Default Settings for all Virtual Hosts -->
    <Defaults>
        <CrossDomains>
            <Url>*.ovenplayer.com</Url>
        </CrossDomains>
    </Defaults>

    <VirtualHosts>
        <VirtualHost>
            <Name>default</Name>
    ... omitted ...

Up to version 0.19.0, the default CORS setting was supported per VirtualHost and had to be configured at <Server><VirtualHosts><VirtualHost><CrossDomain>. However, this method is now deprecated and no longer applied. The configuration has been consolidated under <Server><Defaults><CrossDomain>.

Application-Specific CORS Settings

If a particular Application requires a different CORS policy, you can add a CORS configuration to that Application. In this case, the Application-specific CORS setting takes precedence. For example, you can configure CORS for the current WebRTC Provider (WHIP), LLHLS, HLS, and Thumbnail Publisher as follows:

<VirtualHost>
    <Name>default</Name>
    ... omitted ...
    <Applications>
        <Application>
            <Name>app</Name>
            <Type>live</Type>
            ... omitted ...
            <Providers>
                <WebRTC>
                    <CrossDomains>
                        <Url>*</Url>
                    </CrossDomains>
                </WebRTC>
            </Providers>
            <Publishers>
                <LLHLS>
                    <ChunkDuration>0.5</ChunkDuration>
                    <PartHoldBack>1.5</PartHoldBack>
                    <SegmentDuration>6</SegmentDuration>
                    <SegmentCount>10</SegmentCount>
                    <CrossDomains>
                        <Url>*</Url>
                    </CrossDomains>
                </LLHLS>
                <HLS>
                    <SegmentCount>4</SegmentCount>
                    <SegmentDuration>4</SegmentDuration>
                    <CrossDomains>
                        <Url>*</Url>
                    </CrossDomains>
                </HLS>
                <Thumbnail>
                    <CrossDomains>
                        <Url>*</Url>
                    </CrossDomains>
                </Thumbnail>
            </Publishers>
        </Application>
    </Applications>
</VirtualHost>

Last updated 12 days ago

Was this helpful?