By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Multiple domains in aws:access-control-allow-origin JWT token config

0

Hi,

Is it possible to define more than one domain in the "aws:access-control-allow-origin" JWT token config?
I've already tried using a space/comma separated list and a JSON array.

Thanks

Topics
Media Services
Tags
Amazon Interactive Video Service
Language
English
thiaguetz
asked 3 years ago548 views
1 Answer
0

Hello,

The access-contrtol-allow-origin header itself only allows a single domain as the origin or * as a wildcard to allow anything, so multiple origins are not allowed in the JWT token.

A common use case with playback authorization is to have the IVS Player embedded in a website so the access-control-allow-origin can be set to the domain of that site, and therefore only allowing playback sessions to originate from the one domain.

In a case where multiple origins are required, an example implementation would be to have logic in an application that can determine the origin of a request, verify that it's in a list of approved origins, then set that origin in the JWT payload before signing and returning the playback URL + access token.

Please let us know if we can provide additional information.

DavidT-AWS
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content