Webtor
通过
Pavel Tatarskiy |
已更新 vor 2 Monaten |
Tools
人气
8.1 / 10
延迟
12,126ms
服务等级
92%
Health Check
N/A
返回所有讨论
Link Protection/CORS?
jontstaz
vor einem Jahr
Hi,
I like the API, I've gotten it to work now. However, I noticed there's no restrictive CORS policy on the actual M3U8 stream files. Since this will be used within an HTML <video src=""> tag, the m3u8 URL would be easily available via inspect-element. So users could potentially take the link and embed it on their website with no issues. How can this be prevented? Is it possible to create some sort of protection? Eg. add a new parameter "host" where you can pass the domain/host name from where you'll be hosting the stream so it can only be used where defined.
Thanks in advance,加入讨论 - 在下面添加评论:
登录/注册以发布新的评论
Hmm are these options adjustable at all? I feel like 7 days is too long and 10 different users is far too many considering that 1 link should theoretically be for 1 user. Personally I’d find 24hr duration + 2 different IP/UserAgents more acceptable.
Thanks for your response, I appreciate it.
Hi! Every link has special token in JWT format, that restricts:
You have noticed good problem, that was noticed and fixed earlier. There were a lot of treats like this.