Anytime you want to play an FLV stream from another
Origin, the server must response with a CORS header:
Access-Control-Allow-Origin: <your-origin> | *
For example, if an html on your site
http://flvplayback.com want’s to play an FLV from another
http://cdn.flvplayback.com, the video server must response with the following CORS header:
Or a wildcard value
* to allow any request origin:
For static FLV file playback, we recommend you to add:
Or you should provide accurate filesize in MediaDataSource object.
If your video server response with a 3xx redirection, the redirection’s response headers must contains
Obviously the redirect target server should also response with CORS headers, but pay attention that the browser will send
Origin: null in redirected request according to current CORS policy.
It means that your actual edge server should response with:
Access-Control-Allow-Origin: null | *
Or you can determine by request header
When use Range seek for cross-origin FLV file,
Range header added by flv.js will cause a Preflight OPTIONS request by the browser.
The browser will send an
OPTIONS request before actual
GET request, with following additional headers according to CORS policy:
Access-Control-Request-Headers: range Access-Control-Request-Method: GET
This means your video server must response to OPTIONS request with following additional CORS headers:
Access-Control-Allow-Origin: <your-origin> | * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: range
We strongly advise you to read HTTP access control (CORS) and CORS spec document carefully.