我正在尝试访问经过第三方身份验证的第三方服务器上的m3u8流(通过“授权”标头中的令牌)。
对于上下文,要在ffplay中播放流,我会这样做:
ffplay -headers "Authorization: TOKEN" -i "URL"
清单和清单中的各个块都需要存在此Authorization标头才能播放流。
首先,我应该使用哪个加载器(为了避开CORS,因为我不能告诉服务器允许来自我的域的CORS请求),xhr或Fetch?我假设要提取?
然后如何将授权令牌应用于每个请求?这是我的xhr和fetch的两个配置:
var xhrConfig = {
xhrSetup: function(xhr, url) {
xhr.withCredentials = true;
xhr.open('GET', url, true);
xhr.setRequestHeader('Authorization', token)
}
}
var fetchConfig = {
fetchSetup: function(context, initParams) {
initParams.credentials = 'include';
var myHeaders = new Headers();
myHeaders.append('Authorization', token);
initParams.headers = myHeaders;
return new Request(context.url,initParams);
}
}
如果如上所述尝试使用xhrLoader,加载清单文件时会出错:
Failed to load https://manifest.m3u8: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'MY_DOMAIN' is therefore not allowed access.
如果如上所述,我尝试使用fetchLoader,则会得到以下信息(暗示其首先加载了清单文件,但无法访问清单中定义的AES密钥):
Failed to load https://KEY_FILE_REFERRED_TO_WITHIN_MANIFEST: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'MY_DOMAON' is therefore not allowed access. The response had HTTP status code 403.
VM39:1 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://KEY_FILE_REFERRED_TO_WITHIN_MANIFEST with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details
^ key file within the manifest
密钥文件还需要相同的授权令牌才能访问。它与主清单文件位于同一顶级域上,但其余部分不同,如下所示:
Manifest & segments: https://hls.domain.com/manifest.m3u8
AES Key (within Manifest: https://drm.domain.com/manifest.m3u8