Called proxy with URL http://192.168.xx.xx:8080/3hyw7hwoajn21/HLSPlaylist.m3u8
Called proxy with URL http://192.168.xx.xx:8080/3hyw7hwoajn21/HLS_540_v4.m3u8
Called proxy with URL http://192.168.xx.xx:8080/3hyw7hwoajn21/HLS_AUDIO_160_K_v4.m3u8
Called proxy with URL http://192.168.xx.xx:8080/3hyw7hwoajn21/HLS_224_v4.m3u8
Here's an example Reddit video: https://www.reddit.com/r/me_irl/comments/b3vrs4/me_irl
Looking through the JSON, it has a few options for video sources:
"reddit_video": {
"dash_url": "https://v.redd.it/3hyw7hwoajn21/DASHPlaylist.mpd",
"duration": 76,
"fallback_url": "https://v.redd.it/3hyw7hwoajn21/DASH_720?source=fallback",
"height": 720,
"hls_url": "https://v.redd.it/3hyw7hwoajn21/HLSPlaylist.m3u8",
"is_gif": false,
"scrubber_media_url": "https://v.redd.it/3hyw7hwoajn21/DASH_240",
"transcoding_status": "completed",
"width": 1280
}
While I seemingly can get other HLS/m3u8 videos to work with the Chromecast SDK (for example Google's own example HLS video), I cannot seem to get any of these sources to work.
I've tried https://v.redd.it/3hyw7hwoajn21/HLSPlaylist.m3u8 with the stream type set to both "live" or "buffered", I've tried the content type as "application/x-mpegURL", and I've tried the same for the dash URL https://v.redd.it/3hyw7hwoajn21/DASHPlaylist.mpd with content type "application/dash+xml" also to no avail. I found this question that seems to indicate some possibility?
I've also noticed with the DASH file there's a separate video and audio stream (https://v.redd.it/3hyw7hwoajn21/DASH_720 and https://v.redd.it/3hyw7hwoajn21/audio) worst case scenario is there a way to play the video stream with the separate audio stream playing too on the Chromecast?
Is it not possible for the Chromecast to play these video types?
UPDATE
Jesse and aergistal suggested that it has to do with the lack of CORS headers. I built a custom receiver app to be able to get better debugging logs, and this was indeed (the first) issue; Chromecast complains about CORS.
Using nginx on I built a local reverse proxy that adds all the CORS headers, then I give Chromecast that proxy URL instead and this CORS error went away.
However, using the HLS/m3u8 link it still wouldn't stream. Now it complains of the following:
[cast.player.hls.PackedAudioParser] Neither ID3 nor ADTS header was found at 0
and
[cast.player.api.Host] error: cast.player.api.ErrorCode.NETWORK/315
and
[cast.receiver.MediaManager] Load metadata error: Error
Full log:
Which causes it to still not play. Any ideas?
Adding the CORS issue allows the DASHPlaylist.mpd variant to load (it wouldn't before), which is great, but not so great at the same time because the reverse proxy requires you to download the entire response first, and where the DASH URL is just an entire MP4 (whereas the HLS is byte ranges) it means the reverse proxy has to download the entire DASH video first before showing it, which takes ages compared to the HLS.
So it'd still be optimal to get the HLS working due to speed, but is it just doomed not to work due to a playback issue on the Chromecast?
Solution for HLS with separate audio tracks
Based on the information from the latest log there is a mismatch between the chosen segment format and actual format used in the stream. The stream uses AAC in MPEG-TS whereas the Cast SDK tries to parse it as packed audio.
A reply on the Cast issue tracker shows that the HlsSegmentFormat defaults to MPEG2_TS if the stream is multiplexed and MPEG_AUDIO_ES otherwise.
The suggested solution for the CAF receiver is to intercept the load requests and override the segment format with loadRequestData.media.hlsSegmentFormat = cast.framework.messages.HlsSegmentFormat.TS. A slightly modified example:
<html>
<head>
</head>
<body>
<cast-media-player id="player"></cast-media-player>
<script type="text/javascript" src="//www.gstatic.com/cast/sdk/libs/caf_receiver/v3/cast_receiver_framework.js">
</script>
<script>
const context = cast.framework.CastReceiverContext.getInstance();
const playerManager = context.getPlayerManager();
// intercept the LOAD request
playerManager.setMessageInterceptor(
cast.framework.messages.MessageType.LOAD, loadRequestData => {
loadRequestData.media.hlsSegmentFormat = cast.framework.messages.HlsSegmentFormat.TS;
return loadRequestData;
});
context.start();
</script>
</body>
</html>
Original source
Yet another example
Solution for CORS
The Google Cast reference gives you the solution:
If you're having problems playing streams on a Cast device, it may be an issue with CORS. Use a publicly available CORS proxy server to test your streams
The problem with the publicly available proxies is that they enforce a size limit due to bandwidth concerns, so make your own or use an open-source one. If the app runs on a mobile device you can also make it a local server.
The current streams are not protected by DRM. This will get more complicated or outright impossible later if they add CDN authentication or protect the streams with DRM.
Regarding the CORS headers you must make sure preflight requests are supported: the client might send an OPTIONS first to check CORS support (including allowed methods and headers).
HTTP range requests must also be supported for your streams meaning the appropriate headers must be authorized and exposed.
Example preflight request configuration from https://enable-cors.org:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
You will need to allow at least: GET, OPTIONS, the Content-Type and Range headers, and expose Content-Length,Content-Range. Remove duplicate headers if provided by the remote server.
Conclusion
The most ethical answer is to work with Reddit to ensure they set the proper CORS headers. CORS headers are required in the Google documentation.
Simulating your issue
Using this tester:
https://developer.jwplayer.com/tools/stream-tester/
It simulates some of the same experience you were having in your code with the Chromecast SDK. The Google video played without the Playready DRM setting, but the reddit videos did not (in most browsers).
MS EDGE and jwplayer
If you select Playready and put anything for Playready url, even leaving it blank, it works for M3U8.
Internet Explorer and jwplayer
Error, 232011 A manifest request was made without proper crossdomain credentials. Cannot load M3U8: Crossdomain access denied. This video cannot be played because of a technical error.
This indicates that perhaps CORS is not enabled on the reddit servers. More on that below.
Firefox and jwplayer
Nothing there seems to work with jwplayer.
Chrome and jwplayer
Doesn't work with jwplayer.
Safari and jwplayer player
You indicated it worked without needing to set any of the DRM settings.
iPhone/Apple TV
I tried it and the m3u8 videos are able to use AirPlay directly to cast from my phone to the Apple TV (4K).
Simulation Summary
All the M3U8 videos can already stream from iPhone to AppleTV just fine with Airplay. It seems to work it Edge, and also in Safari, so maybe it only works because Reddit has accepted Apple streaming via airplay as a service, but not Chromecast. Not quite sure there, but how else could it be explained? More clarification from someone would be great.
Root Cause Analysis
Notice the google link you shared includes this header:
Access-Control-Allow-Origin
and it is set to * (aka. all), meaning the server will share the requested resources with any domain on the Internet.
https://tools.geekflare.com/report/cors-test/https://commondatastorage.googleapis.com/gtv-videos-bucket/CastVideos/hls/DesigningForGoogleCast.m3u8
The reddit links don’t have that header, meaning CORS is not enabled to allow resource sharing, meaning it is not designed to work.
Description of the CORS headers
https://www.codecademy.com/articles/what-is-cors
The Access-Control-Allow-Origin header allows servers to specify how their resources are shared with external domains. When a GET request is made to access a resource on Server A, Server A will respond with a value for the Access-Control-Allow-Origin header. Many times, this value will be *, meaning that Server A will share the requested resources with any domain on the Internet. Other times, the value of this header may be set to a particular domain (or list of domains), meaning that Server A will share its resources with that specific domain (or list of domains). The Access-Control-Allow-Origin header is critical to resource security.
There are several resources indicating that CORS must be enabled from the server side:
https://stackoverflow.com/a/28360045/9105725
https://help.ooyala.com/video-platform/concepts/cors_enablement.html
Even Google says these headers need to be set:
https://developers.google.com/cast/docs/chrome_sender/advanced
CORS requirements
For adaptive media streaming, Google Cast requires the presence of CORS headers, but even simple mp4 media streams require CORS if they include Tracks. If you want to enable Tracks for any media, you must enable CORS for both your track streams and your media streams. So, if you do not have CORS headers available for your simple mp4 media on your server, and you then add a simple subtitle track, you will not be able to stream your media unless you update your server to include the appropriate CORS header. In addition, you need to allow at least the following headers: Content-Type, Accept-Encoding, and Range. Note that the last two headers are additional headers that you may not have needed previously.
Related
I have an S3 integration set up in an API Gateway endpoint and it works well in most cases when uploading/downloading content to/from my S3 bucket. One problem that I have is that I can play mp4 files via my API Gateway in Safari on MacOS.
I followed that post (<video> plays in other browsers, but not Safari) and I learned that default MacOS player requires an http server to allow byte-range responses in order to properly play mp4 files. So what I did is I allowed passing Range parameter in request header in API Gateway and, in response, I return Accept-Ranges: 'bytes' in header. Additionally API Gateway responds with 206 status which is a proper one for data returned in chunks.
The one thing I spotted is that the request from the web browser goes with Range: bytes=0- indicating that the file is requested in one chunk. And, as a result I receive single response with whole file.
On the other hand, when examining request/response with this stock video (https://assets.mixkit.co/videos/preview/mixkit-waves-in-the-water-1164-large.mp4), also sourced from S3 according to what I see in the response header, the requests are separated into chunks and response is provided in pieces as well.
So, is there something I'm missing in API Gateway to make it work?
Our single page app embeds videos from Youtube for the end-users consumption. Everything works great if the user does have access to the Youtube domain and to the content of that domain's pages.
We however frequently run into users whose access to Youtube is blocked by a web filter box on their network, such as https://us.smoothwall.com/web-filtering/ . The challenge here is that the filter doesn't actually kill the request, it simply returns another page instead with a HTTP status 200. The page usually says something along the lines of "hey, sorry, this content is blocked".
One option is to try to fetch https://www.youtube.com/favicon.ico to prove that the domain is reachable. The issue is that these filters usually involve a custom SSL certificate to allow them to inspect the HTTP content (see: https://us.smoothwall.com/ssl-filtering-white-paper/), so I can't rely TLS catching the content being swapped for me with the incorrect certificate, and I will instead receive a perfectly valid favicon.ico file, except from a different site. There's also the whole CORS issue of issuing an XHR from our domain against youtube.com's domain, which means if I want to get that favicon.ico I have to do it JSONP-style. However even by using a plain old <img> I can't test the contents of the image because of CORS, see Get image data in JavaScript? , so I'm stuck with that approach.
Are there any proven and reliable ways of dealing with this situation and testing browser-level reachability towards a specific domain?
Cheers.
In general, web proxies that want to play nicely typically annotate the HTTP conversation with additional response headers that can be detected.
So one approach to building a man-in-the-middle detector may be to inspect those response headers and compare the results from when behind the MITM, and when not.
Many public websites will display the headers for a arbitrary request; redbot is one.
So perhaps you could ask the party whose content is being modified to visit a url like: youtube favicon via redbot.
Once you gather enough samples, you could heuristically build a detector.
Also, some CDNs (eg, Akamai) will allow customers to visit a URL from remote proxy locations in their network. That might give better coverage, although they are unlikely to be behind a blocking firewall.
I have built a custom receiver app using Google's example for the chromecast.
I am trying to stream SmoothStreaming on it.
Problem is, that I see the networking debugger and I see that for every chunk of SS it fetches, it does HTTP OPTIONS before the HTTP GET.
Is there a way to use a CORS xml or something so that the chromecast will not do these overhead calls?
Thanks
You need a CORS Proxy. Have you tried to use corsproxy.com? Or TOMODOKorz? Links:
http://www.corsproxy.com/
https://github.com/TOMODOcom/TOMODOkorz
From the tests I've been doing, the Chromecast client always sends HTTP OPTIONS to check it has permissions to get the content and then (after receiving a 200 OK) sends a POST to the license server.
I am currently playing with the Web Audio API and I am looking at buffering and play a source of sound coming from a different domain.
I did quite a bit or researches including on stackoverflow and it seems there are solutions to do cross domain requests (JSONP, YQL...) to query html, json, xml... but nothing to capture an audio source. The standard method in order to pick up a sound source is by using an XMLHttpRequest and forcing the response to be of a type of arrayBuffer:
var request = new XMLHttpRequest();
request.responseType = 'arraybuffer';
request.open("GET", url);
the request.response can afterwards be a buffer that can be played.
This seems to work with a "url" that points to an audio file of the same domain. Is there a way to get the response of a XMLHttpRequest requesting an audio source from an external domain?
I tried the http://query.yahooapis.com/v1/public/yql? with a select query but there is no way to pick up an audio source from the tables (according to https://developer.yahoo.com/yql/console/).
Any idea is welcome.
Many thanks!!
This would only work if the audio file you're requesting is on a server that supports CORS (and you use CORS in the request) - you can't just arbitrarily grab sound files off other servers (as that would enable cross-origin data access). http://enable-cors.org/.
I'm serving up tiny little chunks of minimized javascript through Google App Engine, and I think the GZIP-unGZIP process is slowing me down unnecessarily. (To clarify, I'm sending them quickly to many different websites who request them and I've optimized most of the other parts of the process).
For reference the files are so small that the GZIP savings can be less then the "Content-Encoding: gzip" header.
However, from the documentation
If the client sends HTTP headers with the request indicating that the client can accept compressed (gzipped) content, App Engine compresses the response data automatically and attaches the appropriate response headers.
Is there a setting in app.yaml or somewhere that I can disable GZIP-ing? It must be possible since some files are served unzipped.
It's not currently possible to change this behavior from the server side (although, if you control the client, you can remove gzip from its Accept-Encoding header to accomplish the same thing)
There's an open bug about this with Google, and a team member has marked it "Acknowledged", but it doesn't look like there's been any action on it in the last year or so. You should probably add your voice to that ticket and star it for future notifications.