• Skip to content
  • Skip to primary sidebar
  • Skip to footer

Foliovision

Main navigation

  • Weblog
    • FV Player
    • WordPress
    • Video of the Week
    • Case Studies
    • Business
  • About
    • Testimonials
    • Meet the Team
    • We Support
    • Careers
    • Contact
    • Pricing
  • Products
  • Support
    • FV Player Docs
    • Pro Support
  • Login
  • Basket is empty
Affordable VAST/VPAID for Wordpress has arrived. Serve ads with your videos starting today!
    • Docs
      • Installation
      • Changelog
    • FAQ
    • Support
      • Free Support
      • Pro Support
    • PRO

    How to enable CORS headers for various types of video hosting

    Cross-origin resource sharing (CORS) is a mechanism allowing websites to request restricted resources from other websites with different domain. CORS defines the rules that are used when server is trying to determine whether it is safe to share resources or not.

    Both HLS Streaming and our Thumbnail generator require enabled CORS headers to work properly. Here’s a guide on how to do it for various types of video hosting.

    • Apache
    • AWS
      • S3
      • CloudFront
      • Clearing CloudFront cache
    • BunnyCDN
    • DigitalOcean Spaces
    • KeyCDN

    Apache

    Add this to your .htaccess file:

    <IfModule mod_headers.c>
      <FilesMatch "\.(vtt|srt)$">
        Header set Access-Control-Allow-Origin "*"
      </FilesMatch>
    </IfModule>
    

    Then you can test the CORS headers here: cors-test.codehappy.dev by entering the subtitles URL there.

    AWS

    Enabling CORS in Amazon S3

    To configure CORS in Amazon S3, simply copy this content into your bucket properties:

    [
        {
            "AllowedHeaders": [
                "*"
            ],
            "AllowedMethods": [
                "GET",
                "POST",
                "PUT"
            ],
            "AllowedOrigins": [
                "*"
            ],
            "ExposeHeaders": [],
            "MaxAgeSeconds": 3000
        }
    ]
    
    

    To allow this in Amazon S3, you just need to:

    1. Open your source bucket.

    2. Go to Permissions and scroll down to Cross-origin resource sharing (CORS), and click edit.

    3. Paste in the code above and click Save changes.

    Enabling CORS in CloudFront

    To allow CORS with your CloudFront distribution, you will need to do some additional configuration:

    1. Select the distribution you want to use (if you don’t have an existing distribution, check this guide - Serving Private Videos via CloudFront)
    2. Once in the distribution settings, go to Bahaviors tab. Pick the Default(*)behavior and click Edit:
    3. Follow these settings. Especially make sure you’ve picked the correct headers in the Cache key and origin requests part:
    4. It will take some time for these changes to take effect due to caching of the CloudFront network.

    Clearing the CloudFront Cache

    If you have an existing distribution that is already used for serving video content and you add the CORS headers, or do any other change that can affect the videos, you should clear the cache on all edge servers. This way you can make sure that the changes are really applied instead of using the cached old version.

    To clear the cache, you will have to create an invalidation in the distribution settings.

    1. Start with opening the settings of the distribution you want and go to the Invalidations tab. There click on the Create Invalidation button:
    2. Now you can select, which objects (in this case videos) you want to clear from the cache. We of course want to clear them all, so we can use the “*” wildcard. Therefore, just write “/*” – that specifies all the objects in the source bucket of your distribution. Afterwards click the Create Ivalidation button.
    3. The invalidation will take a only a minute or two. You will see that it’s finished when the status changes from “In progress” to “Completed“:

    BunnyCDN

    To enable CORS headers in BunnyCDN settings please follow these steps:

    1. Log in to your BunnyCDN profile.

    2. Go to Pull zones in the general menu and open designated pull zone

     

    Bunny CDN Pull Zones menu
     

    3. Go to Headers settings

     
     

    4. Fill in designated file extensions that you want to allow. Add m3u8 and ts to cover needs to HLS stream playback. Also add mp4 if you are using it for video to allow the FV Player screenshot feature to work.  Adding vtt will also allow you to serve subtitles.

    5. Save your settings


    DigitalOcean Spaces

    To enable CORS headers in DigitalOcean Spaces please follow these few steps:

    1. Log into your DigitalOcean account, enter Spaces section, pick desired space and go to it’s Settings tab

     

    Settings tab of DigitalOceanSpaces space
     

    2. Open CORS Configuration settings and fill in following settings:

    2.1 Origin: fill in your domain, if you’re using www. or https:// in your domain name, make sure to fill that too

    2.2 Allowed Methods: pick GET and HEAD 

    2.3 Allowed Headers: (please allow following headers)

    Access-Control-Allow-Methods

    Access-Control-Allow-Origin

    Origin

    Range

    3. Hit Save Options


    KeyCDN

    1. Log into your account.

    2. Go to Zones.

    3. Select your desired zone and click on Manage and open Edit option.

     

    Editing a KeyCDN zone
     

    4. Then select Show advanced features and set CORS Headers to enabled.

     
     

    5. Save your settings.


    Besides bringing new features into FV Player we also focus on explaining and helping our users with using those which are already part of our player. You can help us a lot with it by giving us valuable feedback.

    So if you have any tips or questions, don’t hesitate and contact us via our Forums!

    Reader Interactions

    Primary Sidebar

    Video Hosting

    1. Why FV Player?
    2. FAQ
    3. Creating and Managing Playlists
    4. Advanced features
    5. Video Security
    6. Troubleshooting
    7. Tools
    8. Analytics
    9. Audio Player
    10. Live Streaming
    11. Download | Buy
    12. Getting Started
    13. Licensing and Account
    14. Setting Screens
    15. Video Hosting
      1. YouTube
      2. Vimeo
      3. Bunny Stream
      4. Odysee
      5. Rumble
      6. PeerTube
      7. Cloudflare Stream
      8. JW Player
      9. Amazon Web Services S3
      10. How to enable CORS
      11. Fallback Video Hosting
      12. RTMP Streams with Flash - Deprecated
      13. Google Drive - Deprecated
    16. Video Membership, Pay Per View and eLearning
    17. Video Advertising
    18. FV Player VAST/VPAID
    19. Casting Options
    20. For Developers
    21. FV Player Demos
    22. Additional Services
    23. Legal

    Footer

    Our Plugins

    • FV WordPress Flowplayer
    • FV Thoughtful Comments
    • FV Simpler SEO
    • FV Antispam
    • FV Gravatar Cache
    • FV Testimonials

    Free Tools

    • Pandoc Online
    • Article spinner
    • WordPress Password Finder
    • Delete LinkedIn Account
    • Responsive Design Calculator
    Foliovision logo
    All materials © 2025 Foliovision s.r.o. | Panská 12 - 81101 Bratislava - Slovakia | info@foliovision.com
    • This Site Uses Cookies
    • Privacy Policy
    • Terms of Service
    • Site Map
    • Contact
    • Tel. ‭+421 2/5292 0086‬

    We are using cookies to give you the best experience on our website.

    You can find out more about which cookies we are using or switch them off in .

    Powered by  GDPR Cookie Compliance
    Privacy Overview

    This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

    Necessary Cookies

    Strictly Necessary Cookie allow you to log in and download your software or post to forums.

    We use the WordPress login cookie and the session cookie.

    If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.

    Support Cookies

    Foliovision.com uses self-hosted Rocket.chat and self-hosted Freescout support desk to provide support for FV Player users. These cookies allow our visitors to chat with us and/or submit support tickets.

    We are delighted to recommend self-hosted Rocket.chat and especially Freescout to other privacy-conscious independent publishers who would prefer to self-host support.

    Please enable Strictly Necessary Cookies first so that we can save your preferences!

    3rd Party Cookies

    This website uses Google Analytics and Statcounter to collect anonymous information such as the number of visitors to the site, and the most popular pages.

    Keeping this cookie enabled helps us to improve our website.

    We reluctantly use Google Analytics as it helps us to test FV Player against popular Google Analytics features. Feel free to turn off these cookies if they make you feel uncomfortable.

    Statcounter is an independent Irish stats service which we have been using since the beginning of recorded time, sixteen years ago.

    Please enable Strictly Necessary Cookies first so that we can save your preferences!