Hi there

I have multiple domains, lets say sportsteam.tv and sportsleague.tv
and want to implement CloudFront as a CDN incase of big unexpected viewerships that my usual VPS setup can't handle comfortably (past say 1000 concurrent viewers).

I have setup cdn.sportsteam.tv and cdn.sportsleague.tv as valid CloudFront CNAME subdomains all running under HTTPS.

All of my content is protected using Cookies, with xhrSetup and xhr.withCredentials=true in my hls.js initialisation code.

However, I cannot now use * as a access_control_allow_origin and Cross Domain does not seem to be acknowledged in this setup.

If I set my nimble.conf access_control_allow_origin = sportsteam.tv, sportsleague.tv (with or without https://) the browser gives me some variety of: "Failed to load https://cdn.sportsteam.tv/xxx/playlist.m3u8: The 'Access-Control-Allow-Origin' header contains multiple values 'https://sportsteam.tv,https://sportsleague.tv', but only one is allowed"

I have seen other suggestions on the web to re-write headers based on the $_REQUEST['http_domain'] (or whatever) but that doesn't seem possible in nimble.

I could dedicate one machine to this CDN origin, happily enough, but I cannot dedicate five machines for my ~five client domains for origins.

Could there be a way to get nimble to present the requesting domain (somehow) as the accepted one, like: https://streamerdomain.com:port/origin=sportsteam.tv/streamurl.m3u8
and then the origin should be approved/validated in some way.

I hope that all makes sense...!! Am happy to discuss further details, show example of live use case via email if desired.

Thanks
David

To be clear, if i set my access_control_allow_origin = sportsteam.tv on my nimble.conf - cloudfront + the player will all work happily together and play back video via the CDN.

David,
thanks for analysis you are correct in your findings.
Am I right that it's enough to return "Origin" header in case if "Origin" is among access_control_allow_origin specified in nimble.conf ?
"Access-Control-Allow-Origin" header cannot be a list of domains but rather should be exact domain.
We can change access_control_allow_origin behavior so that if we have domain list then we check Origin header and find matched domain in the list and If exists return Origin if not - don't add Access-Control-Allow-Origin at all.
What do you think ?

It seems like that would be a suitable workaround. If you need me to help run a test version please let me know I’ll be happy to help.

David,
could you please give us http request headers client sent and http headers received in case if you setup
access_control_allow_origin = sportsteam.tv
And access sportsteam.tv in case if your setup works.
I need to check requested/returned headers to make sure my fix will work

Alex I've sent an email to support FAO you.

David,
I've got it and replied.
To everybody interested in the subject - we will release this support soon.

Thanks Alex, looking forward to trying it out.