Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing (CORS) lets web pages make requests to a domain other than the one from which the page was served; it allows JavaScript to make requests across domain boundaries. Without CORS, this functionality is not available and web pages can run into cross-domain issues when trying to retrieve files, such as closed captions, from another domain.

All resources not hosted by Ooyala (video, audio, images, closed captions, css, js, etc.) that are used with your HTML5-based playback must have the appropriate CORS headers configured. If your resources do not follow the CORS standard, your player will not function correctly and may fail when trying to access files across domains.

You must set up CORS enablement on the CDN that you use for content serving. For information on how to enable CORS, see or talk to your hosting provider or vendor.

For example, due to the fact that the domain of a closed caption file could be different than the page and/or the video tag itself, we set crossorigin='anonymous' on the video tag. This causes any streamURL that does not properly have the CORS header enabled to fail to load.

Note: These CORS prerequisites do not apply if you are using only Ooyala-hosted content, as CORS is enabled for all Ooyala-hosted domains.