By the request of the popular video hosting, we added a new content protection option to our control panel.
Our client encountered a problem: its competitors copied and used unique video content in players on their websites. It was necessary to protect this content.
What did we offer?
The idea behind the new options is the CORS (Cross-Origin Resource Sharing) technology. It restricts content loading in browsers if a request does not contain the necessary header. Competitors’ players will not be able to get content if CDN headers do not contain a CORS header.
How does it work?
CDN server checks whether the Origin request header matches domains that are specified by the user for the Access-Control-Allow-Origin Header option.
If it matches on the header, CDN adds the Access-Control-Allow-Origin header with the $http_origin value that came in the request.
If it does not match, the Access-Control-Allow-Origin header is not added to the response.
What tasks did we have?
1. Add a CORS header
The CORS header is needed to protect content from using at third-party domains. We could not use the Referer Access Policy option because it just protects from using on third-party domains but does not add the CORS header needed to play the content.
2. Provide the possibility of selective adding of the CORS header
It was important for the client that a CDN could check whether to add or not to add a header depending on a domain. Therefore, we implemented a new option that solves both tasks.
The header is added only to listed domains and is not added for requests from other domains. (It was not possible to add a header using the Custom Headers option because in this case the header with the specified value will be added to all requests.)
The option allows you to add the Access-Control-Allow-Origin header for all requests or requests from the specified domains (no more than five).
The option is available in the CDN Resource settings and in the Rules section.