DocsICP FilingConsole
官方文档
首页

Configure cross-origin access

更新时间:
复制 MD 格式
产品详情
我的收藏

If you receive an Access-Control-Allow-Origin error when playing FLV or M3U8 videos in a web player, enable CORS for the playback domain.

Error message

You may see the following error:

No ‘Access-Control-Allow-Origin’ header is present on the requested resource. 
Origin ‘http://localhost:9030‘ is therefore not allowed access.

Solutions

Scenario 1: Accelerated domain in ApsaraVideo VOD

If your videos are hosted in ApsaraVideo VOD with a CDN-accelerated domain, add an HTTP response header to allow cross-origin requests.

  1. Log in to the ApsaraVideo VOD console.

  2. In the left-side navigation pane, under Configuration Management, choose CDN Configuration > Domain Names.

  3. Find the domain name that you want to configure and click Configure in the Actions column.

  4. In the left-side navigation pane, click Cache. On the Custom HTTP Response Header tab, click Add.

  5. Select Access-Control-Allow-Origin as the response header.

    Set Response Header Action to Add and Response Header Value to *. For Allow Duplicates, select Not Allowed. Ensure that Cross-Origin Verification is disabled, and then click OK.

  6. Enter the response header value and click OK.

    Note

    • Set the value to * to allow requests from any origin.

    • If the value is not *, specify one or more IP addresses or domain names, separated by commas (,).

    • If the value is not *, it must include the http:// or https:// prefix.

    • Port numbers are supported in the value.

    • Wildcard domain names are supported.

  7. Click Add, select Access-Control-Allow-Methods, and set its value to POST or GET. Separate multiple methods with a comma (,).

Note

If a TS segment's URL uses a different domain than the M3U8 URL, you must also configure CORS for the TS segment's domain.

Scenario 2: Custom domain in OSS

To access OSS resources directly from a player, enable CORS for the bucket. For detailed steps, see Set up cross-origin resource sharing.

Create a CORS rule with these settings:

  • Source: *.

  • Allowed Methods: Select GET, POST, PUT, DELETE, and HEAD.

  • Allowed Headers: *.

  • Exposed Headers: ETag.

Important

Ensure this is the first rule in your list of CORS rules.

Set Max Age (Seconds) to 0 and leave Return Vary: Origin unchecked.

Verify the configuration

Verify your CORS configuration:

  1. Open your browser's developer tools (F12).

  2. Go to the Network tab.

  3. Visit the page that makes the cross-origin request.

  4. Find and click your video request in the network request list.

  5. Check the Response Headers section and verify that the Access-Control-Allow-Origin header is present with the expected value.

If the Access-Control-Allow-Origin header appears with the correct value, CORS is configured correctly.

Previous:How do I handle errors in live streamingNext:Deploy a request proxy