cors headers?

[batrlatom]

Hello,
is it possible to enable cors headers in the server? And if not, would you be open to implementing it?
The case is that whenever I want to use your server to stream into the website, it fails because of cors

For example. by using ReactHlsPlayer ( https://www.npmjs.com/package/react-hls-player ) and having
rtsp -> hls running on the secure domain, I get :

Access to XMLHttpRequest at 'https://*************/stream/' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
hls.js:14557 GET https://api.recallmagic.com/stream/ net::ERR_FAILED

[aler9]

added to main, will be added to next release

[batrlatom]

Hi, thank you!

I made a simple change to make it work also for m3u8 and ts files.
In convertor.go:

func (c *Converter) runRequestHandler(terminate chan struct{}, done chan struct{}) {
	defer close(done)

	for {
		select {
		case <-terminate:
			return

		case preq := <-c.request:
			req := preq

			req.W.Header().Add("Access-Control-Allow-Origin", "*")

			atomic.StoreInt64(&c.lastRequestTime, time.Now().Unix())

			conf := c.path.Conf()

			if conf.ReadIPsParsed != nil {
				tmp, _, _ := net.SplitHostPort(req.Req.RemoteAddr)
				ip := net.ParseIP(tmp)
				if !ipEqualOrInRange(ip, conf.ReadIPsParsed) {
					c.log(logger.Info, "ERR: ip '%s' not allowed", ip)
					req.W.WriteHeader(http.StatusUnauthorized)
					req.Res <- nil
					continue
				}
			}

			if conf.ReadUser != "" {
				user, pass, ok := req.Req.BasicAuth()
				if !ok || user != conf.ReadUser || pass != conf.ReadPass {
					req.W.Header().Set("WWW-Authenticate", `Basic realm="rtsp-simple-server"`)
					req.W.WriteHeader(http.StatusUnauthorized)
					req.Res <- nil
					continue
				}
			}

			switch {
			case req.Subpath == "stream.m3u8":
				func() {
					c.tsMutex.Lock()
					defer c.tsMutex.Unlock()

					if len(c.tsQueue) == 0 {
						req.W.WriteHeader(http.StatusNotFound)
						req.Res <- nil
						return
					}

					cnt := "#EXTM3U\n"
					cnt += "#EXT-X-VERSION:3\n"
					cnt += "#EXT-X-ALLOW-CACHE:NO\n"
					cnt += "#EXT-X-TARGETDURATION:10\n"
					cnt += "#EXT-X-MEDIA-SEQUENCE:" + strconv.FormatInt(int64(c.tsDeleteCount), 10) + "\n"
					for _, f := range c.tsQueue {
						cnt += "#EXTINF:10,\n"
						cnt += f.Name() + ".ts\n"
					}
					
					req.Res <- bytes.NewReader([]byte(cnt))
				}()

			case strings.HasSuffix(req.Subpath, ".ts"):
				base := strings.TrimSuffix(req.Subpath, ".ts")

				c.tsMutex.Lock()
				f, ok := c.tsByName[base]
				c.tsMutex.Unlock()

				if !ok {
					req.W.WriteHeader(http.StatusNotFound)
					req.Res <- nil
					continue
				}

				req.Res <- f.buf.NewReader()

			case req.Subpath == "":

				req.Res <- bytes.NewReader([]byte(index))

			default:
				req.W.WriteHeader(http.StatusNotFound)
				req.Res <- nil
			}
		}
	}
}

[batrlatom]

Do you plan to add the cors headers generation to the spot I pointed out? I was not able to make it running properly with the original code. Thanks

[ciklista]

I can confirm that the solution from @batrlatom works. Tested with VimeJS.

[aler9]

yes, it has been added

[aler9]

added to v0.16.2

[bluenviron-bot]

This discussion is being locked automatically because the last update was more than 2 years ago.

Do not use the content of this discussion as reference since it's probably outdated!

The official documentation is the only place in which you can find up-to-date answers.