- All topics
- WMSPanel functionality
General questions regarding cloud control and reporting panel - Paywall: WMSAuth and beyond
Hotlink protection, geo restriction, pay-per-view and more - Nimble Streamer
Light-weight freeware streaming server - Other
Other products of our company
Forum
Multiple CORS domains
Pepijn 2015-12-13 17:10:04 UTC in Nimble Streamer
I switched from nginx-rtmp to Nimble yesterday and I really like it, but I got one problem;
I got multiple domains accessing the playlist.m3u8
- https://cast.mydomain.tv/
- https://www.mydomain.tv/
- https://cdn.mydomain.tv/
My Nimble server must return the Access-Control-Allow-Origin CORS header.
I know I can set the header to one domain or to a wildcard but a wildcard isn't very safe and one domain isn't enough for me.
I used to check the origin and set the header to the origin if the origin was in an array of allowed domains.
It's explained here: http://www.w3.org/TR/cors/#resource-implementation - 6.4 Implementation Considerations
Is it possible to do this with Nimble Streamer?
Yury Udovichenko 2015-12-14 00:09:00 UTC
Hello,
Please read this article regarding the CORS setup in Nimble Streamer: http://blog.wmspanel.com/2014/12/cross-domain-policy-access-control-nimble.html
It may cover the case which you described.
Also, please take a look at our paywall feature set, you may find it useful as well: https://wmspanel.com/paywall
Thank you.
Pepijn 2015-12-14 10:13:44 UTC
Thank you for the answer.
I have already seen that but it doesn't seem possible to define multiple domains.
I'm already using hotlink protection but I'd like to make it more secure.
Thank you,
Pepijn
Max 2015-12-14 13:58:30 UTC
Hello,
It is not possible to do it right now, but we'll consider implementing it in the future. Could you please clarify, how did you use it with nginx-rtmp, did you use several locations with different Access-Control-Allow-Origin headers?
Thank you.
Pepijn 2015-12-14 19:44:51 UTC
Hello,
Nginx-rtmp created the HLS files and they were served through a PHP server.
The PHP server checked the origin and set the Access-Control-Allow-Origin header to the origin if the origin was in an array of allowed domains.
Can I have your mail to send you the PHP class?
Thank you for the help.
Pepijn 2015-12-14 19:44:51 UTC
Hello,
Nginx-rtmp created the HLS files and they were served through a PHP server.
The PHP server checked the origin and set the Access-Control-Allow-Origin header to the origin if the origin was in an array of allowed domains.
Can I have your mail to send you the PHP class?
Thank you for the help.
Max 2015-12-14 20:15:37 UTC
Hi,
OK, this means you had some custom script allowing to generate response headers, it was not just a list of pre-configured domains.
Please send PHP script to info@nimblestreamer.com.
Thank you.
Post a reply
Post a new question