Cross-origin resource sharing

Support for the withCredentials attribute in XMLHttpRequests allows cross-origin resource sharing (CORS) requests to include the target domain’s cookies for a variety of request types.

When the client requests a manifest, segment, or key, the server may set a cookie that the client must pass for subsequent requests. To allow for reading and writing cookies, the client must set the withCredentials attribute to true for cross-origin requests.

To enable withCredentials support for most types of requests when playing a given media resource:

  1. Create the CORSConfig object.

    var corsConfig = new AdobePSDK.CORSConfig();  
    corsConfig.enableEncryptionRequest = true; 
    
  2. Attach the corsConfig to the NetworkConfiguration object and set useCookieHeaderForAllRequests to true.

    var networkConfig = new AdobePSDK.NetworkConfiguration();  
    networkConfig.CORSConfig = corsConfig; 
    networkConfiguration.useCookieHeaderForAllRequests= true;
    
  3. Set networkConfig in the MediaPlayerItemConfig object.

    var mediaPlayerItemConfig = new AdobePSDK.MediaPlayerItemConfig();  
    mediaPlayerItemConfig.networkConfiguration = networkConfig; 
    
  4. Pass MediaPlayerItemConfig to the MediaPlayer.replaceCurrentResource method.

    var player = new AdobePSDK.MediaPlayer(); 
    mediaResource = new AdobePSDK.MediaResource(url, AdobePSDK.MediaResourceType.HLS);  
     
    player.replaceCurrentResource(mediaResource, mediaPlayerItemConfig);  
    
    
IMPORTANT

The useCookieHeaderForAllRequests flag does not affect license requests. To set the withCredentials attribute to true for a license request, you must set the withCredentials attribute in your protection data or specify an authorization key in the httpRequestHeaders of your protection data. For example:

# Example 1 
{ 
    "com.widevine.alpha": {  
        "withCredentials":true,  
        "serverURL":  
          "https://wv.service.expressplay.com/hms/wv/rights/?ExpressPlayToken=[YOUR_TOKEN</i]" } 
} 
 
# Example 2 
{ 
    "com.widevine.alpha": { 
        "httpRequestHeaders": {  
            "authorization": "true"  
            }, 
        "serverURL":  
          "https://wv.service.expressplay.com/hms/wv/rights/?ExpressPlayToken=[YOUR_TOKEN</i>]" }
        } 
}

The flag does not affect a license request because some servers set the Access-Control-Allow-Origin field to wildcard (‘*’) in their response. But, when the credentials flag is set to true, the wildcard cannot be used in Access-Control-Allow-Origin. If you set useCookieHeaderForAllRequests to true for all types of requests, you might see the following error for a license request:

Remember the following information:

  • When a call with withCredentials=true fails, Browser TVSDK retries the call without withCredentials.
  • When a call is made with networkConfiguration.useCookieHeaderForAllRequests=false, XHR requests are made without the withCredentials attribute.

On this page

Adobe Summit Banner

A virtual event April 27-28.

Expand your skills and get inspired.

Register for free
Adobe Summit Banner

A virtual event April 27-28.

Expand your skills and get inspired.

Register for free
Adobe Maker Awards Banner

Time to shine!

Apply now for the 2021 Adobe Experience Maker Awards.

Apply now
Adobe Maker Awards Banner

Time to shine!

Apply now for the 2021 Adobe Experience Maker Awards.

Apply now