Cors Filters doesn't work properly.

[muratugureminoglu]

Short description

Cors filter doesn't work.

Environment

• Operating system and version: Ubuntu 18.04
• Java version: 11
• Ant Media Server version: 2.2.1

Steps to reproduce

1. Open web.xml file with the editor
   vim /usr/local/antmedia/webapps/WebRTCAppEE/WEB-INF/web.xml
2. Find the following lines

                    <param-name>cors.allowed.origins</param-name>
                    <param-value>*</param-value>

3. Change * to URL address

                    <param-name>cors.allowed.origins</param-name>
                    <param-value>http://test.antmedia.io</param-value>

4. Restart the service.
   systemctl restart antmedia

Expected behavior

It should work

Actual behavior

It does not work.

Logs

Place logs on pastebin or elsewhere and put links here

Join Google Group and be a part of Ant Media Server Community.

[studiostream]

I have the same problem!

[KeithLeoSmithIdeam]

So I have found that setting the CORS values in the filter does work but then has an unintended consequence where the AMS Admin UI no longer can make calls to the backend.

[AvrumFeldman]

From my tests I'm getting the same results. CORS restrictions have no affect whatsoever. Unless I'm misunderstanding what the CORS filter is intended for, I'm trying to use it to limit the player.

Edit: I'm referring to the application specific filter, not the root filter.

[petsoukos]

@KeithLeoSmithIdeam You have to put the domain your AMS ADmin UI sits behind in the allowed origins

[mekya]

CORS filter concept is a little weird to understand.

Let me tell step by step for future users.

1. When you encounter something like in the image below, it means that some script in localhost:5080 try to reach to the ovh36.antmedia.io and ovh36.antmedia.io does not have Access-Control-Allow-Origin. You must not encounter this case because Ant Media Server puts * for Access-Control-Allow-Origin header by default
   

2. When you encounter the image below, it means that you need to put your domain name to the web.xml.

   • Open your web.xml under your application /usr/local/antmedia/webapps/WebRTCAppEE/WEB-INF/web.xml
   • Replace the * with your domain

   <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>*</param-value>
   </init-param>
   

   for this case, I need to write http://localhost:5080

   

3. When you encounter the image below , you then need to add following lines under CORSF filter in your web.xml ( /usr/local/antmedia/webapps/WebRTCAppEE/WEB-INF/web.xml)

   <init-param>
     <param-name>cors.support.credentials</param-name>
     <param-value>true</param-value>
   </init-param>

   
   • It should be seen something like that

     <filter>
       <filter-name>CorsFilter</filter-name>
        <filter-class>io.antmedia.filter.CorsHeaderFilter</filter-class>
         <init-param>
               <param-name>cors.allowed.origins</param-name>
               <param-value>http://localhost:5080</param-value>
          </init-param>
            <init-param>
                 <param-name>cors.allowed.methods</param-name>
                  <param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
            </init-param>
            <init-param>
                  <param-name>cors.support.credentials</param-name>
                  <param-value>true</param-value>
               </init-param>
               <init-param>
                   <param-name>cors.allowed.headers</param-name>
                   <param-value>Accept, Origin, X-Requested-With, Access-Control-Request-Headers, Content-Type, Access-Control-Request-Method, Authorization</param-value>
                </init-param>
       <async-supported>true</async-supported>
   </filter>