Hi,
I like the API, I've gotten it to work now. However, I noticed there's no restrictive CORS policy on the actual M3U8 stream files. Since this will be used within an HTML <video src=""> tag, the m3u8 URL would be easily available via inspect-element. So users could potentially take the link and embed it on their website with no issues. How can this be prevented? Is it possible to create some sort of protection? Eg. add a new parameter "host" where you can pass the domain/host name from where you'll be hosting the stream so it can only be used where defined.
Thanks in advance,
Partecipa alla discussione - aggiungi un commento di seguito:
Hmm are these options adjustable at all? I feel like 7 days is too long and 10 different users is far too many considering that 1 link should theoretically be for 1 user. Personally I’d find 24hr duration + 2 different IP/UserAgents more acceptable.
Thanks for your response, I appreciate it.
Hi! Every link has special token in JWT format, that restricts:
You have noticed good problem, that was noticed and fixed earlier. There were a lot of treats like this.