- All topics
- WMSPanel functionality
General questions regarding cloud control and reporting panel - Paywall: WMSAuth and beyond
Hotlink protection, geo restriction, pay-per-view and more - Nimble Streamer
Light-weight streaming server for HLS, Smooth and progressive download - Case study
Show your example, tell about how our products helped your business - Dispersa
Distributed streams availability checker
Forum
Handling multiple Origins/domains when request is being proxied to CloudFront
David 2018-01-12 13:03:09 UTC in Nimble Streamer
Hi there
I have multiple domains, lets say sportsteam.tv and sportsleague.tv
and want to implement CloudFront as a CDN incase of big unexpected viewerships that my usual VPS setup can't handle comfortably (past say 1000 concurrent viewers).
I have setup cdn.sportsteam.tv and cdn.sportsleague.tv as valid CloudFront CNAME subdomains all running under HTTPS.
All of my content is protected using Cookies, with xhrSetup and xhr.withCredentials=true in my hls.js initialisation code.
However, I cannot now use * as a access_control_allow_origin and Cross Domain does not seem to be acknowledged in this setup.
If I set my nimble.conf access_control_allow_origin = sportsteam.tv, sportsleague.tv (with or without https://) the browser gives me some variety of: "Failed to load https://cdn.sportsteam.tv/xxx/playlist.m3u8: The 'Access-Control-Allow-Origin' header contains multiple values 'https://sportsteam.tv,https://sportsleague.tv', but only one is allowed"
I have seen other suggestions on the web to re-write headers based on the $_REQUEST['http_domain'] (or whatever) but that doesn't seem possible in nimble.
I could dedicate one machine to this CDN origin, happily enough, but I cannot dedicate five machines for my ~five client domains for origins.
Could there be a way to get nimble to present the requesting domain (somehow) as the accepted one, like: https://streamerdomain.com:port/origin=sportsteam.tv/streamurl.m3u8
and then the origin should be approved/validated in some way.
I hope that all makes sense...!! Am happy to discuss further details, show example of live use case via email if desired.
Thanks
David
David 2018-01-12 13:05:16 UTC
To be clear, if i set my access_control_allow_origin = sportsteam.tv on my nimble.conf - cloudfront + the player will all work happily together and play back video via the CDN.
Alex Pokotilo 2018-01-14 03:50:02 UTC
David,
thanks for analysis you are correct in your findings.
Am I right that it's enough to return "Origin" header in case if "Origin" is among access_control_allow_origin specified in nimble.conf ?
"Access-Control-Allow-Origin" header cannot be a list of domains but rather should be exact domain.
We can change access_control_allow_origin behavior so that if we have domain list then we check Origin header and find matched domain in the list and If exists return Origin if not - don't add Access-Control-Allow-Origin at all.
What do you think ?
David 2018-01-14 10:26:33 UTC
It seems like that would be a suitable workaround. If you need me to help run a test version please let me know I’ll be happy to help.
Alex Pokotilo 2018-01-15 06:50:11 UTC
David,
could you please give us http request headers client sent and http headers received in case if you setup
access_control_allow_origin = sportsteam.tv
And access sportsteam.tv in case if your setup works.
I need to check requested/returned headers to make sure my fix will work
David 2018-01-17 11:33:58 UTC
Alex I've sent an email to support FAO you.
Alex Pokotilo 2018-01-18 01:24:31 UTC
David,
I've got it and replied.
To everybody interested in the subject - we will release this support soon.
David 2018-01-18 01:27:04 UTC
Thanks Alex, looking forward to trying it out.
Vitl 2018-07-19 11:21:14 UTC
Is there already support subject?
Terry 2018-08-04 02:12:28 UTC
Has this been implemented?
Post a reply
Post a new question