Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WHEP: The 'Access-Control-Allow-Origin' header is missing for CORS #4067

Open
aiquanpeng opened this issue May 24, 2024 · 2 comments
Open

WHEP: The 'Access-Control-Allow-Origin' header is missing for CORS #4067

aiquanpeng opened this issue May 24, 2024 · 2 comments
Assignees
@winlinvip
Labels
TransByAI Translated by AI/GPT. WebRTC WebRTC, RTC2RTMP or RTMP2RTC.

Comments

@aiquanpeng
Copy link

aiquanpeng commented May 24, 2024
edited by winlinvip
Loading

The error message reads as follows:
Access to XMLHttpRequest at 'http://10.244.3.204:1985/rtc/v1/whep/?app=live&stream=livestream' from origin 'http://direct.virtaicloud.com:20410/' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

TRANS_BY_GPT4
@winlinvip winlinvip changed the title A cross-domain problem is encountered:No 'Access-Control-Allow-Origin' header The issue is related to cross-origin resource sharing (CORS): The 'Access-Control-Allow-Origin' header is missing. May 24, 2024
@winlinvip winlinvip added the TransByAI Translated by AI/GPT. label May 24, 2024
@winlinvip winlinvip changed the title The issue is related to cross-origin resource sharing (CORS): The 'Access-Control-Allow-Origin' header is missing. WHEP: The 'Access-Control-Allow-Origin' header is missing for CORS May 24, 2024
@winlinvip winlinvip self-assigned this May 24, 2024
@winlinvip winlinvip added the WebRTC WebRTC, RTC2RTMP or RTMP2RTC. label May 24, 2024
@winlinvip
Copy link
Member

winlinvip commented May 24, 2024
edited
Loading

Please provide a detailed description of the steps to reproduce the issue, otherwise, this issue will be removed.

TRANS_BY_GPT4

@suzp1984
Copy link
Contributor

srs/trunk/src/protocol/srs_protocol_http_stack.cpp

Lines 887 to 912 in 282d94d

if (enabled) {
SrsHttpHeader* h = r->header();
required = !h->get("Origin").empty();
}
// When CORS required, set the CORS headers.
if (required) {
SrsHttpHeader* h = w->header();
// SRS does not need cookie or credentials, so we disable CORS credentials, and use * for CORS origin,
// headers, expose headers and methods.
h->set("Access-Control-Allow-Origin", "*");
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Headers
h->set("Access-Control-Allow-Headers", "*");
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Methods
h->set("Access-Control-Allow-Methods", "*");
// See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Expose-Headers
// Only the CORS-safelisted response headers are exposed by default. That is Cache-Control, Content-Language,
// Content-Length, Content-Type, Expires, Last-Modified, Pragma.
// See https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_response_header
h->set("Access-Control-Expose-Headers", "*");
// https://stackoverflow.com/a/24689738/17679565
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials
h->set("Access-Control-Allow-Credentials", "false");
// CORS header for private network access, starting in Chrome 104
h->set("Access-Control-Request-Private-Network", "true");
}

SRS already supported CORS request, it is maybe your service deployment problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@winlinvip winlinvip

Labels
TransByAI Translated by AI/GPT. WebRTC WebRTC, RTC2RTMP or RTMP2RTC.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@suzp1984 @winlinvip @aiquanpeng