Hi,

due to recent updates in chrome/edge browsers, we aren’t able to get response from HTTP Provider. We are using the default HTTP Provider which just returns the ServerVersion.

The HTTP Provider URL is accessed over https, for example the url is https://wowza.ssl.com/ServerVersion. This URL is being hit from our app which is publicly accessible, the Wowza server is installed in the on-premises. So when customer is accessing the app in on-prem, chrome is not allowing the request to the HTTP Provider as it is being treated as a Private network requests.

Private network requests are requests whose target server’s IP address is more private than that from which the request initiator was fetched.

The solution is to send a custom header from Wowza server Access-Control-Allow-Private-Network: true whenever the HTTP provider url is accessed.

We are on Wowza streaming engine version 4.8.5 and I am not sure how to add this header to the response from the HTTP Provider?

Regards,
Alok

Actually am not sure if issue actually warrants a custom header solution or not. There might be better ways to do this. But if I were to just to take it as it is, here is what I can suggest :

If you wanted to add custom header you can write a custom http provider to consume the existing endpoint and proxy it out to client. While spitting it out add headers that you might want. So after this your client should consume the new endpoint not the old one.

And this can be done in any other language as well. Does not have to be a wowza module.

As @Connessione says; you can write a custom HTTP Provider that adds the custom header, or you can route your request through a proxy (e.g. Nginx) and add the header when the response is passing through.

I have a similar issue with the Wowza Load Balancer and a few Live Edge servers.

It is hard to accept that in order to add a few headers you need to write your custom HTTP provider module. It should be possible to configure the HTTP providers through the VHost file to acomplish this…

I suppose you can send a feature request to Wowza (probably customerservice@wowza.com)

I got the following response from Wowza support team:
You can achieve the desired result by removing the CORS Headers for a given HTTP Provider you are using. You can find the example in the following article: https://www.wowza.com/docs/how-to-enable-cross-origin-resource-sharing-cors-for-http-based-streams

However this has not solved my issue, as Access-Control-Request-Private-Network: true header is sent irrespective of cors/no-cors.

@Connessione @Karel_Boek, I tried adding the custom header but the header is being set in the actual GET request, how do I add this header in the OPTIONS request which chrome is sending as a preflight request?

My code:

	public void onHTTPRequest(IVHost vhost, IHTTPRequest req, IHTTPResponse resp) {
		if (!doHTTPAuthentication(vhost, req, resp))
			return;

		String helloStr = "Wowza Server is available!";
		String retStr = "<html><head><title>" + helloStr + "</title></head><body>" + helloStr + "</body></html>";

		try {
			resp.setHeader("Access-Control-Allow-Private-Network", "true");
			OutputStream out = resp.getOutputStream();
			byte[] outBytes = retStr.getBytes();
			out.write(outBytes);
		} catch (Exception e) {
			WMSLoggerFactory.getLogger(null).error("HTTPServerVersionCustom: " + e.toString());
		}

	}

So this is why I mentioned in the beginning that maybe going about header manipulation is not the right choice here. The header is being added by chrome not by wowza. See this stackverflow answer. You should perhaps reconsider the design instead.

Of course header manipulation is the way to solve the issue. The header “Access-Control-Request-Private-Network: true” is added by the browser, but the same browser expects to receive a response header from the server “Access-Control-Allow-Private-Network: true”. If the header is not added to the response (obviously by the Wowza server) the browser won’t send the actual request after the preflight request…

EDIT: What we need to do is make Wowza add that single response header. It should be simple and it would solve the issue right away.

The header should be set in response to the preflight OPTIONS request, this request is not captured by the custom HTTPProvider.
Do you have any suggestion on how this header can be added to OPTIONS request’s response by Wowza?

After working with this through a support ticket for several days, I think we have a solution for our use case (which is a bit different than yours, since it uses an application).

In our case we had to add the following 2 properties to the list of HTTPStreamer/Properties in our Applicaiton.xml file.

<Property>
        <Name>httpUserHTTPHeaders</Name>
        <Value>Access-Control-Request-Private-Network: true</Value>
        <Type>String</Type>
</Property>

<Property>
        <Name>optionsCORSHeadersSetMain</Name>
        <Value>Access-Control-Request-Private-Network: true</Value>
        <Type>String</Type>
</Property>

It is weird how the headers were not added to the OPTIONS responses unless both properties were added, just adding the “optionsCORSHeadersSetMain” won’t work.

I know your use case is a bit different, but you could try adding those 2 properties to your VHost properties (A similar approach is documented in the oficial CORS documentation.

Well that is definitely helpful to know. Too bad that a simple module way didn’t work. Or maybe there is a way but might take longer to figure out ?