Wowza Community

CORS issue with security token with wowza cloud to fastly

Hi there,

I have a problem with a live stream player, generated with the wowza player builder ( https://player.wowza.com/builder ).
If I add the withCredentials value, the player fails to load the stream and I´m getting a CORS error:

Access to XMLHttpRequest at ‘https://cdn3.wowza.com/1/xxxxxxxx/xxxxxxx/hls/live/playlist.m3u8’ from origin ‘https://player.wowza.com’ has been blocked by CORS policy: The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.

This happens in the player preview and with the player on my own domain/webspace.
I guess, this is an error because it should at least work on the player generator page.

My goal is the secure the player with a security token.

Any hints?

We’re releasing a Cloud/Fastly update later on today @Marcel Fontes and that may resolve this. I’ll be sure to send you the info when it is complete so you can try it out.

I am assuming you’ve already checked this:

-The server might be running over HTTP and serving the stream over HTTP, but the client (player) might be loaded over HTTPS. This would trigger CORS issues.

Issue solved, thanks.

Here is a manual: https://www.wowza.com/docs/protect-a-wowza-cdn-on-fastly-stream-target-with-token-authentication-using-the-wowza-streaming-cloud-rest-api

I used the example code on Github: https://github.com/WowzaMediaSystems/wsc-fastly-token-auth-examples

Please be aware that “protect by IP” does not work in some cases because the user could have a dual stack IP.

Thank you Marcel!!

please tell me @Marcel Fontes you are true blood please help me how can i protect my stream like this…

My goal is the secure the player with a security token.

Any hints? please help Marcel Bro…

Here is a manual: https://www.wowza.com/docs/protect-a-wowza-cdn-on-fastly-stream-target-with-token-authentication-using-the-wowza-streaming-cloud-rest-api

I used the example code on Github: https://github.com/WowzaMediaSystems/wsc-fastly-token-auth-examples

Please be aware that “protect by IP” does not work in some cases because the user could have a dual stack IP.

okay Thank U So Much and Please Guide me how to use Security key with my stream id … where can i putt security Token Authentication Key…

https://cdn3.wowza.com/1/Q0NsQmxKQm5XTU80/Y0c0REIx/hls/live/playlist.m3u8