Wowza Logo Wowza Icon
Wowza Video Sign Out
Talk to an Expert Free Trial
Wowza Video Sign Out

Wowza Community

'Access-Control-Allow-Origin' header in the response must not be the wildcard '*'

Wowza Streaming Engine
#1

How to do configure specify domain value of the ‘Access-Control-Allow-Origin’ header ?

Default is ‘*’ , but I have to use some domain by application.

I tried to add in application.xml, but it does not work!

My wowza version is 4.8.5

Changing Default CORS Headers to Specify a Domain
#2

First disable the “Cross-origin resource sharing” for the Application via the Wowza Engine Manager website. Then edit your Application.xml and set the cupertinoUserHTTPHeaders property (for HLS). NB! You must add this as a property inside the HTTPStreamer tag, it’s not an Application property that you add at the bottom of the file.

See this example: https://docs.viblast.com/player/cors/cors-on-wowza; replace the asterisk with the URL of your origin. For more into on Access-Control-Allow-Origin, see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin

#3

Hi,

That’s how it works.

Karel, I see you know the WSE security very well.

Such a question:

how to secure local stream playback. For example, I copy the stream address https: //server…m3u8? Token etc and paste it into VLC.

It runs on the same machine on which we opened the page. Of course, there will be no token on others.

What to do to prevent local streaming? Pure stream address. Possible?
D

#4

Thank you for your assistant.

But it’s not work.

I tried to do many way, Wowza only reply with ‘*’.

HTTP/1.1 200 OK

Server: WowzaStreamingEngine/4.8.5

Access-Control-Allow-Origin: *

#5

It does work. I just tested this; and added the required Property to the HttpStreams section of the Application.xml. Then, I used curl to verify the response headers of the playlist.m3u8

curl -vs [http://localhost:1935/live/mytest/playlist.m3u8](http://localhost:1935/live/mytest/playlist.m3u8)

An excerpt of the response below

< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Access-Control-Expose-Headers: Date, Server, Content-Type, Content-Length
< Server: WowzaStreamingEngine/4.8.5
< Cache-Control: no-cache
**< Access-Control-Allow-Origin: http://www.domain.com**
< Access-Control-Allow-Credentials: true
#6

@Dorota Szafer-Kwasik; the first thing you can do, is search Wowza’s documentation (https://www.wowza.com/docs) and these forums for that topic, as there’s an abundance of information available. Give it a try based on the information you can find, and if you get stuck, post your question in a new forum thread, as this is a totally different subject that what we’ve been discussing here. Alternatively, you may join Wowza’s Slack community (https://www.wowza.com/slack) and as your question there.

© 2007–2024 Wowza Media Systems, LLC. All rights reserved.   Security & Privacy PolicyLegalSystem Status