What is cross-origin access?
Browsers that support JavaScript use the same-origin policy to ensure security. Assume that Website A and Website B belong to different origins. When Website A uses JavaScript to access Website B, the browser rejects the request.
Problem description
A message indicating a cross-origin error appears when the player plays streams based on M3U8 playlists.
Troubleshooting
- Check whether a policy file is added for the player.
Add a cross-origin policy file for the player to implement cross-origin access. You must add the cross-origin access permission to the crossdomain.xml file and add the file to the root directory of the domain name to which the streaming URL belongs.
For example, you must add
http://test1.com/crossdomain.xmlforhttp://test1.com/app/test.m3u8.<? xml version="1.0" encoding="UTF-8"? > <cross-domain-policy> <allow-access-from domain="*"/> <allow-http-request-headers-from domain="*" headers="*" secure="false"/> </cross-domain-policy> - Check whether an HTTP header is configured.
Log on to the ApsaraVideo Live console and go to the Domain Management page. Find the domain name for which you want to configure an HTTP header and click Domain Settings in the Actions column. On the page that appears, click HTTP Header Settings. On the tab that appears, click Add. In the HTTP Header Settings dialog box, set the Header parameter to Access-Control-Allow-Origin and set the Value parameter to
*or the full domain name to which you want to apply the access control policy, such aswww.alliyun.com. For more information, see Configure HTTP headers.Note You can set the Value parameter only to*or a single domain name. If you want to implement cross-origin access for multiple domain names, set the Value parameter to*.