CORS Filter
By default, the CORS (Cross-Origin Resource Sharing) filter is enabled and accepts requests from all origins.
If you want to customize the CORS filter at the application level, you can access the /usr/local/antmedia/webapps/{AppName}/WEB-INF/web.xml file.
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>io.antmedia.filter.CorsHeaderFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
</init-param>
<!-- cors.allowed.origins -> * and credentials are not supported at the same time.
If you set to cors.allowed.origins to specific domains and support credentials open the below lines
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
-->
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Accept, Origin, X-Requested-With, Access-Control-Request-Headers, Content-Type, Access-Control-Request-Method, Authorization</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
In case, when trying to play the stream via any other domain or integrating the player into any domain then the CORS error can be faced. In that scenario, allow the specific domain and uncomment the commented part as below.
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>io.antmedia.filter.CorsHeaderFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>https://domain:port</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
</init-param>
<!-- cors.allowed.origins -> * and credentials are not supported at the same time.
If you set to cors.allowed.origins to specific domains and support credentials open the below lines -->
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Accept, Origin, X-Requested-With, Access-Control-Request-Headers, Content-Type, Access-Control-Request-Method, Authorization</param-value>
</init-param>
<async-supported>true</async-supported>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
If you want to customize the CORS filter in root folder then you can do that by edit web.xml file under /usr/local/antmedia/webapps/root/WEB-INF
<filter>
<filter-name>CorsFilter</filter-name>
<filter-class>io.antmedia.filter.CorsHeaderFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>*</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Accept, Origin, X-Requested-With, Access-Control-Request-Headers, Content-Type, Access-Control-Request-Method, Authorization, ProxyAuthorization</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CorsFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
To learn more about CORS filter, check out Tomcat CORS Filter
🔐 ✅ Approved Origins — Here You GO!! 🌐 🎯
By enabling and customizing the CORS filter, you've added an extra layer of security to your streaming setup. Only clients from the specified origins are permitted to access your streams, ensuring that unauthorized sources are effectively blocked.
Your streaming environment is now smarter, tighter, and fully under your command! 🚀