Anytime you want to play an FLV stream from another Origin, the server must response with a CORS header:
Access-Control-Allow-Origin: <your-origin> | *
For example, if an html on your site http://flvplayback.com want’s to play an FLV from another Origin like http://cdn.flvplayback.com, the video server must response with the following CORS header:
Access-Control-Allow-Origin: http://flvplayback.com
Or a wildcard value * to allow any request origin:
Access-Control-Allow-Origin: *
For static FLV file playback, we recommend you to add:
Access-Control-Expose-Headers: Content-Length
Or you should provide accurate filesize in MediaDataSource object.
If your video server response with a 3xx redirection, the redirection’s response headers must contains Access-Control-Allow-Origin;
Obviously the redirect target server should also response with CORS headers, but pay attention that the browser will send Origin: null in redirected request according to current CORS policy.
It means that your actual edge server should response with:
Access-Control-Allow-Origin: null | *
Or you can determine by request header Origin dynamically.
When use Range seek for cross-origin FLV file, Range header added by flv.js will cause a Preflight OPTIONS request by the browser.
The browser will send an OPTIONS request before actual GET request, with following additional headers according to CORS policy:
Access-Control-Request-Headers: range
Access-Control-Request-Method: GET
This means your video server must response to OPTIONS request with following additional CORS headers:
Access-Control-Allow-Origin: <your-origin> | *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Headers: range
We strongly advise you to read HTTP access control (CORS) and CORS spec document carefully.