-
Hi FV Player Support Team,
I hope you are doing well.
I am currently using URL signing with CloudFront to protect my videos, but I’ve noticed that the signed URLs are still visible in the page source. For example, in the source code, I see:
<video class="fp-engine intrinsic-ignore" preload="none" webkit-playsinline="true" playsinline="true" src="https://stream.mydomain.com/myvideo.mp4?Expires=1724157757&Signature=RKzgigqzK95qQY3ZKWmHhh9tTPGfezhdlXmoV2baufSz2pmPdFyn~vDHw82tbMdXk~AHpRqrMWVyecQwlXuf-7NDn2KgRzNlxtK~3Pdy4hfhkrIkiVfcNjA5vhmeunSQ9DcbuCf661Yf33n4tonVPf1yGICjM4PKNPRevwG1~FKVfQtd63CXM~CHLD35SR~Al1I5MjBts9Mql8zUAbxz4e7R2oDQciVCxkWbxxsZ5bgqCIuSPgtGFquSrNReaql8rOy5EHa3FE9sRSRaWJMp7E5OyeesEbOCOfPbAVLC1e8~o36isHBwJVe3J7GWGpUEc95cS0CNFCzVZiSJ~x-puw__&Key-Pair-Id=APKA34EE3CIELW54AZG6" x-webkit-airplay="allow" style="">...</video>and also a div before the video tag like this:
<div id="wpfp_d8d8733f21972de7cae0ed6c3d7b3043" data-item="{"sources":[{"src":"https:\/\/stream.mydomain.com\/myvideo.mp4?Expires=1724157757\u0026Signature=RKzgigqzK95qQY3ZKWmHhh9tTPGfezhdlXmoV2baufSz2pmPdFyn~vDHw82tbMdXk~AHpRqrMWVyecQwlXuf-7NDn2KgRzNlxtK~3Pdy4hfhkrIkiVfcNjA5vhmeunSQ9DcbuCf661Yf33n4tonVPf1yGICjM4PKNPRevwG1~FKVfQtd63CXM~CHLD35SR~Al1I5MjBts9Mql8zUAbxz4e7R2oDQciVCxkWbxxsZ5bgqCIuSPgtGFquSrNReaql8rOy5EHa3FE9sRSRaWJMp7E5OyeesEbOCOfPbAVLC1e8~o36isHBwJVe3J7GWGpUEc95cS0CNFCzVZiSJ~x-puw__\u0026Key-Pair-Id=APKA34EE3CIELW54AZG6","type":"video\/mp4"}],"splash":"https:\/\/static.alphorm.com\/bgplayer\/FR_1129\/FR_1129_bg_player_large.png",...">My concern is that with these URLs exposed, anyone could potentially download the videos. I am looking for a way to further enhance the protection of my videos.
I have noticed on other streaming platforms that they use a blob URL approach for video sources, which seems to provide an additional layer of security. For example:
<video class="video-player--video-player--HiAnq" id="playerId__50281676--9" preload="auto" controlslist="nodownload" style="padding-bottom: 0px;" src="blob:https://stream.mydomain.com/f2706dd4-8ee0-4476-a061-a4a0f0279624"></video>or
<video id="video-element" class="video__d1NA_" preload="auto" playsinline="" crossorigin="anonymous" src="blob:https://stream.mydomain.com/e817af27-1505-45eb-94f9-7cdf462f0d18"> <track label="thumbnails" kind="metadata" src="https://app.mydomain.com/video/delivery/api/v1/storyboards/47cb81eb-ad76-476f-b015-27de7c090a16/7b79041d-ef8b-4ad0-a0e1-895f8904ba3b"></video>Is there a way to implement a similar protection method with FV Player, or any other recommendation you have to make the video URLs less exposed?
Thank you in advance for your guidance.
Best regards,
Hamid
-
-
Hello Hamid,
The video source shows as blob if it’s played using Media Source API of HTML5. Practically speaking it’s used when you play an HLS stream on a device other than iPad, iPhone or the Mac Safari browser.
Even if the video URL does not show in HTML code the browser video downloading tools can find their URLs and offer these HLS streams for download. But I see that showing the URL in HTML makes it easier to find.
What helps prevent video downloads is encrypting the HLS streams (Our full article on video protection is available here: How to Protect Your Videos from Being Downloaded)
Creating encrypted HLS streams is not easy, so we have build the free add-on plugin FV Player Coconut which let you encode, host and deliver the HLS streams using Coconut.co and DigitalOcean services.
If you wonder how does it compare to the Amazon services or Bunny Stream, please refer to FV Player Coconut FAQ.
Thanks,
Martin
Hi Martin,
Thank you very much for the detailed explanation and the helpful information. I appreciate you taking the time to guide me through the options for enhancing video protection.
I’ll look into the FV Player Coconut add-on and consider implementing encrypted HLS streams as you suggested.
Thanks again for your assistance!
Best regards,
Hamid
