|
| 1 | +--- |
| 2 | +pcx_content_type: how-to |
| 3 | +title: Define source origin |
| 4 | +sidebar: |
| 5 | + order: 4 |
| 6 | + badge: |
| 7 | + text: Beta |
| 8 | +--- |
| 9 | + |
| 10 | +When optimizing remote videos, you can specify which origins can be used as the source for transformed videos. By default, Cloudflare accepts only source videos from the zone where your transformations are served. |
| 11 | + |
| 12 | +On this page, you will learn how to define and manage the origins for the source videos that you want to optimize. |
| 13 | + |
| 14 | +:::note |
| 15 | +The allowed origins setting applies to requests from Cloudflare Workers. |
| 16 | + |
| 17 | +If you use a Worker to optimize remote videos via a `fetch()` subrequest, then this setting may conflict with existing logic that handles source videos. |
| 18 | +::: |
| 19 | + |
| 20 | +## Configure origins |
| 21 | + |
| 22 | +To get started, you must have [transformations enabled on your zone](/stream/transform-videos/#getting-started). |
| 23 | + |
| 24 | +In the Cloudflare dashboard, go to **Stream** > **Transformations** and select the zone where you want to serve transformations. |
| 25 | + |
| 26 | +In **Sources**, you can configure the origins for transformations on your zone. |
| 27 | + |
| 28 | + |
| 29 | + |
| 30 | +## Allow source videos only from allowed origins |
| 31 | + |
| 32 | +You can restrict source videos to **allowed origins**, which applies transformations only to source videos from a defined list. |
| 33 | + |
| 34 | +By default, your accepted sources are set to **allowed origins**. Cloudflare will always allow source videos from the same zone where your transformations are served. |
| 35 | + |
| 36 | +If you request a transformation with a source video from outside your **allowed origins**, then the video will be rejected. For example, if you serve transformations on your zone `a.com` and do not define any additional origins, then `a.com/video.mp4` can be used as a source video, but `b.com/video.mp4` will return an error. |
| 37 | + |
| 38 | +To define a new origin: |
| 39 | + |
| 40 | +1. From **Sources**, select **Add origin**. |
| 41 | +2. Under **Domain**, specify the domain for the source video. Only valid web URLs will be accepted. |
| 42 | + |
| 43 | + |
| 44 | + |
| 45 | +When you add a root domain, subdomains are not accepted. In other words, if you add `b.com`, then source videos from `media.b.com` will be rejected. |
| 46 | + |
| 47 | +To support individual subdomains, define an additional origin such as `media.b.com`. If you add only `media.b.com` and not the root domain, then source videos from the root domain (`b.com`) and other subdomains (`cdn.b.com`) will be rejected. |
| 48 | + |
| 49 | +To support all subdomains, use the `*` wildcard at the beginning of the root domain. For example, `*.b.com` will accept source videos from the root domain (like `b.com/video.mp4`) as well as from subdomains (like `media.b.com/video.mp4` or `cdn.b.com/video.mp4`). |
| 50 | + |
| 51 | +3. Optionally, you can specify the **Path** for the source video. If no path is specified, then source videos from all paths on this domain are accepted. |
| 52 | + |
| 53 | +Cloudflare checks whether the defined path is at the beginning of the source path. If the defined path is not present at the beginning of the path, then the source video will be rejected. |
| 54 | + |
| 55 | +For example, if you define an origin with domain `b.com` and path `/themes`, then `b.com/themes/video.mp4` will be accepted but `b.com/media/themes/video.mp4` will be rejected. |
| 56 | + |
| 57 | +4. Select **Add**. Your origin will now appear in your list of allowed origins. |
| 58 | +5. Select **Save**. These changes will take effect immediately. |
| 59 | + |
| 60 | +When you configure **allowed origins**, only the initial URL of the source video is checked. Any redirects, including URLs that leave your zone, will be followed, and the resulting video will be transformed. |
| 61 | + |
| 62 | +If you change your accepted sources to **any origin**, then your list of sources will be cleared and reset to default. |
| 63 | + |
| 64 | +## Allow source videos from any origin |
| 65 | + |
| 66 | +When your accepted sources are set to **any origin**, any publicly available video can be used as the source video for transformations on this zone. |
| 67 | + |
| 68 | +**Any origin** is less secure and may allow third parties to serve transformations on your zone. |
0 commit comments