Forum

Post a new question

Categories:

Tags:

Handling multiple Origins/domains when request is being proxied to CloudFront

David 2018-01-12 13:03:09 UTC in Nimble Streamer
668f1e4dd1a42144db0201635e59f025

Hi there

I have multiple domains, lets say sportsteam.tv and sportsleague.tv
and want to implement CloudFront as a CDN incase of big unexpected viewerships that my usual VPS setup can't handle comfortably (past say 1000 concurrent viewers).

I have setup cdn.sportsteam.tv and cdn.sportsleague.tv as valid CloudFront CNAME subdomains all running under HTTPS.

All of my content is protected using Cookies, with xhrSetup and xhr.withCredentials=true in my hls.js initialisation code.

However, I cannot now use * as a access_control_allow_origin and Cross Domain does not seem to be acknowledged in this setup.

If I set my nimble.conf access_control_allow_origin = sportsteam.tv, sportsleague.tv (with or without https://) the browser gives me some variety of: "Failed to load https://cdn.sportsteam.tv/xxx/playlist.m3u8: The 'Access-Control-Allow-Origin' header contains multiple values 'https://sportsteam.tv,https://sportsleague.tv', but only one is allowed"

I have seen other suggestions on the web to re-write headers based on the $_REQUEST['http_domain'] (or whatever) but that doesn't seem possible in nimble.

I could dedicate one machine to this CDN origin, happily enough, but I cannot dedicate five machines for my ~five client domains for origins.

Could there be a way to get nimble to present the requesting domain (somehow) as the accepted one, like: https://streamerdomain.com:port/origin=sportsteam.tv/streamurl.m3u8
and then the origin should be approved/validated in some way.

I hope that all makes sense...!! Am happy to discuss further details, show example of live use case via email if desired.

Thanks
David

David 2018-01-12 13:05:16 UTC
668f1e4dd1a42144db0201635e59f025

To be clear, if i set my access_control_allow_origin = sportsteam.tv on my nimble.conf - cloudfront + the player will all work happily together and play back video via the CDN.

Alex Pokotilo 2018-01-14 03:50:02 UTC
B0af1cee7eb1e40dd284d9982b3aef70

David,
thanks for analysis you are correct in your findings.
Am I right that it's enough to return "Origin" header in case if "Origin" is among access_control_allow_origin specified in nimble.conf ?
"Access-Control-Allow-Origin" header cannot be a list of domains but rather should be exact domain.
We can change access_control_allow_origin behavior so that if we have domain list then we check Origin header and find matched domain in the list and If exists return Origin if not - don't add Access-Control-Allow-Origin at all.
What do you think ?

David 2018-01-14 10:26:33 UTC
668f1e4dd1a42144db0201635e59f025

It seems like that would be a suitable workaround. If you need me to help run a test version please let me know I’ll be happy to help.

Alex Pokotilo 2018-01-15 06:50:11 UTC
B0af1cee7eb1e40dd284d9982b3aef70

David,
could you please give us http request headers client sent and http headers received in case if you setup
access_control_allow_origin = sportsteam.tv
And access sportsteam.tv in case if your setup works.
I need to check requested/returned headers to make sure my fix will work

David 2018-01-17 11:33:58 UTC
668f1e4dd1a42144db0201635e59f025

Alex I've sent an email to support FAO you.

Alex Pokotilo 2018-01-18 01:24:31 UTC
B0af1cee7eb1e40dd284d9982b3aef70

David,
I've got it and replied.
To everybody interested in the subject - we will release this support soon.

David 2018-01-18 01:27:04 UTC
668f1e4dd1a42144db0201635e59f025

Thanks Alex, looking forward to trying it out.

Post a reply