Support for the withCredentials attribute in XMLHttpRequests allows cross-origin resource sharing (CORS) requests to include the target domain’s cookies for a variety of request types.
When the client requests a manifest, segment, or key, the server may set a cookie that the client must pass for subsequent requests. To allow for reading and writing cookies, the client must set the withCredentials
attribute to true
for cross-origin requests.
To enable withCredentials
support for most types of requests when playing a given media resource:
Create the CORSConfig
object.
var corsConfig = new AdobePSDK.CORSConfig();
corsConfig.enableEncryptionRequest = true;
Attach the corsConfig
to the NetworkConfiguration
object and set useCookieHeaderForAllRequests
to true
.
var networkConfig = new AdobePSDK.NetworkConfiguration();
networkConfig.CORSConfig = corsConfig;
networkConfiguration.useCookieHeaderForAllRequests= true;
Set networkConfig
in the MediaPlayerItemConfig
object.
var mediaPlayerItemConfig = new AdobePSDK.MediaPlayerItemConfig();
mediaPlayerItemConfig.networkConfiguration = networkConfig;
Pass MediaPlayerItemConfig
to the MediaPlayer.replaceCurrentResource
method.
var player = new AdobePSDK.MediaPlayer();
mediaResource = new AdobePSDK.MediaResource(url, AdobePSDK.MediaResourceType.HLS);
player.replaceCurrentResource(mediaResource, mediaPlayerItemConfig);
The useCookieHeaderForAllRequests
flag does not affect license requests. To set the withCredentials
attribute to true
for a license request, you must set the withCredentials
attribute in your protection data or specify an authorization key in the httpRequestHeaders
of your protection data. For example:
# Example 1
{
"com.widevine.alpha": {
"withCredentials":true,
"serverURL":
"https://wv.service.expressplay.com/hms/wv/rights/?ExpressPlayToken=[YOUR_TOKEN</i]" }
}
# Example 2
{
"com.widevine.alpha": {
"httpRequestHeaders": {
"authorization": "true"
},
"serverURL":
"https://wv.service.expressplay.com/hms/wv/rights/?ExpressPlayToken=[YOUR_TOKEN</i>]" }
}
}
The flag does not affect a license request because some servers set the Access-Control-Allow-Origin
field to wildcard (‘*’) in their response. But, when the credentials flag is set to true
, the wildcard cannot be used in Access-Control-Allow-Origin
. If you set useCookieHeaderForAllRequests
to true
for all types of requests, you might see the following error for a license request:
Remember the following information:
withCredentials=true
fails, Browser TVSDK retries the call without withCredentials
.networkConfiguration.useCookieHeaderForAllRequests=false
, XHR requests are made without the withCredentials
attribute.