By the request of the popular video hosting, we added a new content protection option to our control panel.
Its competitors copied and used unique video content in players on their websites. It was a pain in the neck for our client and it was necessary to protect its content.
What did we offer?
The idea behind the new options is the CORS (Cross-Origin Resource Sharing) technology. It restricts content loading in browsers if a request does not contain the necessary header. Competitors players will not be able to get content if CDN headers do not contain a CORS header.
How does it work?
CDN servers check whether the Origin request header matches domains that are specified by the user for the Access-Control-Allow-Origin Header option.
If it matches on the header, CDN adds the Access-Control-Allow-Origin header with the $http_origin value that came in the request.
If it does not match, the Access-Control-Allow-Origin header is not added to the response.
What tasks did we have?
1. Add a CORS-header
The CORS header is needed to protect content from using at third-party domains. We could not use the Referer Access Policy option because it just protects from using on third-party domains but does not add the CORS header needed to play the content.
2. Provide the possibility of selective adding of the CORS header
For the client, it was important that a CDN cloud check to add or not add a header depending on a domain. Therefore, we implemented a new option that solves both tasks.
The header is added only to listed domains and is not added for requests from other domains. (It was not possible to add a header using the Custom Headers option because in this case the header with the specified value will be added to all requests.)
The option allows you to add the Access-Control-Allow-Origin header for all requests or requests from the specified domains (no more than five).
The option is available in the CDN Resource settings and for Rules.