1

Can RTMPT streaming be limited using crossDomain? We are hosting an Red5 server on port 80 and port 1935. I would expect that the crossdomain file would have a point for RTMPT that runs on the same port as HTTP.

I have created the crossdomain.xml file in the webapps/ROOT folder:

    <?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all" />
   <allow-access-from domain="*.mydomain.com" />
   <allow-http-request-headers-from domain="*.mydomain.com" headers="*" secure="false" />
</cross-domain-policy>

However, I am able to access streams successfully from players(flash swf) embedded on other domains.

So I am reaching the conclusion I cannot limit playback to take place only from my webpage.

I'm using http://www.wowza.com/resources/3.5.0/examples/LiveVideoStreaming/FlashRTMPPlayer/player.html to pull the RTMPT stream.

Does flash respect crossdomain.xml in relation to RTMPT ?

Menelaos
  • 23,508
  • 18
  • 90
  • 155
  • 1
    Crossdomain **does not limit** stream connections to SWF apps running only from the listed domain(s). I don't think VLC (desktop player) even cares for it, just goes straight to the stream bytes & plays. The crossdomain file is not best solution for content protection (eg: it works in the case of some external SWF trying to **record** picture or sound of stream, so normal playback is fine by any web app but attempted storage would not allowed). You need a different solution (but once stream URL is known, it can still be accessed without involving your site). – VC.One Jul 14 '16 at 07:16
  • @VC.One So, even with a correct corssdomain, the rtmpt stream will be playable from an SWF hosted anywhere? Obviously apps such as VLC will ignore it altogether. – Menelaos Jul 14 '16 at 09:39
  • If you want to protect your domains content, you'll have to implement playback security in your apps; crossdomain alone cannot protect content. – Paul Gregoire Jul 14 '16 at 13:26
  • @maythesource.com, yes your understanding is correct. Basically you don't even need a crossdomain file involved to begin playback of any rtmp stream. Where there is a X-domain file, all it does is tell Flash that if playing SWF is hosted on your server (on the list) then it has rights do more with the a/v content than external SWFs could, for example grabbing frames or analysing sound (to create visualisation) etc). – VC.One Jul 14 '16 at 19:38

0 Answers0