Issue on DM with OpenAPI - Video Player Container API

When using the DynamicMedia with open APIs function [ 0] , and use the code returned to display the viewer from an external website unaltered, the code generates malformed URLs to fetch video details and won’t work.

[ 0]  https://developer.adobe.com/experience-cloud/experience-manager-apis/api/stable/assets/delivery/#operation/videoPlayerDelivery

Description description

Description : When I take the documentation here:
https://developer.adobe.com/experience-cloud/experience-manager-apis/api/stable/assets/delivery/#operation/videoPlayerDelivery

and use the request/response window at the right hand side of that
documentation to test a video asset and have it return the code
I think I can reproduce the following concern:

For bucket I use: “delivery-pxxxxx-eyyyyyyy” (activated DMwOA delivery domain)
For security I use “none” to keep the example simple and to show that
security is not the cause of the concern.
For assetId I use “urn:aaid:aem:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee” (valid and approved assetID)

When I use generate the response from that, I see on line 157:
let origin = window.location.origin;
where that leads to the error you are seeing from the thumbnail request
on line 160, and on the manifest request on line 174, since
window.location.origin is not served from the delivery server
“https://delivery-pxxxxx-eyyyyyyy.adobeaemcloud.com” but from your own
webserver as expected. It should be 'let
origin=“https://delivery-pxxxxx-eyyyyyy.adobeaemcloud.com” ’ or
whatever the delivery server is submitted with the request.

Is that a bug? What is the recommendation?

Resolution resolution

What you are seeing is expected:
• The code returned by the Video Player Delivery operation is a fixed
HTML template that contains

let origin = window.location.origin;
… fetch(${origin}/adobe/assets/…)

It deliberately assumes it is being rendered from the same host that
will serve the streams ‑ namely the delivery tier (for your test bucket
that would be https://delivery-pxxxxx-eyyyyyy.adobeaemcloud.com).
• When you execute that snippet from the Swagger “Try it” panel (which
runs on developer.adobe.com) or paste it into your own site,
window.location.origin no longer equals the delivery host. The thumbnail
and manifest fetches therefore go to the wrong origin and 404/
CORS-fail.
• The behaviour of the delivery service itself is correct; the issue is
only with where the sample is executed. Because /play is an iframe
convenience wrapper it cannot know the right host when run outside the
delivery domain.
Recommended way to test or embed a branded player:

(See Delivery API docs: Delivery APIs.)
If you must keep using /play you need to host the iframe from the
delivery-pxxxxx-eyyyyyy domain or adjust the generated HTML so that
origin is hard-coded to that host.