admin管理员组

文章数量:1327660

Can I play HTTP streaming on HTTPS domain without browser's security errors? The browser blocks that requests by default.

I use hls.js library for .m3u8 desktop playing support. When I play content natively without it (via mobile or Mac's Safari), the browser shows warning but doesn't blocks requests. But when I play it on same devices with hls.js enabled, or via desktop browsers, the requests are blocked.

Can I play HTTP streaming on HTTPS domain without browser's security errors? The browser blocks that requests by default.

I use hls.js library for .m3u8 desktop playing support. When I play content natively without it (via mobile or Mac's Safari), the browser shows warning but doesn't blocks requests. But when I play it on same devices with hls.js enabled, or via desktop browsers, the requests are blocked.

  • javascript
  • html
  • video
  • browser
  • https
Share Improve this question edited Jun 6, 2017 at 14:20 Psijic asked Jun 6, 2017 at 14:13 PsijicPsijic 1,01213 silver badges28 bronze badges 9
  • 1 Why use a library if you do not need to? – guest271314 Commented Jun 6, 2017 at 14:16
  • by default desktop browsers don't support HLS. Excluding - Safari on Mac. – Psijic Commented Jun 6, 2017 at 14:17
  • Why cannot you use the same protocol as existing document? – guest271314 Commented Jun 6, 2017 at 14:20
  • It will overload videoservers – Psijic Commented Jun 6, 2017 at 14:23
  • @Psijic are you sure? Can you use a diffrent server for the videos but over https? – user6560716 Commented Jun 6, 2017 at 14:24
 |  Show 4 more ments

1 Answer 1

Reset to default 7

You can't.

Mixed content, when you have resources served over http on a https site, can be passive or active.

Passive:

  • Images
  • Videos
  • Audio

Active:

  • Javascript
  • CSS
  • iFrames
  • Objects (flash, etc.)
  • XHR (requests made with javascript)

The problem is that your video is fetched with hls.js, which is considered active content (see that last bullet), and therefore blocked.

However, if the browser fetches it through a <video> element, it is considered passive content and allowed.

Suggestions / workarounds

  • Switch your video servers to HTTPS. This is the preferred option. HTTPS is faster. You said that your server's administrator says that the HTTPS will "overload videoservers". I doubt that. Try it out and see.

    If you stop reading now you only need to remember one thing: SSL/TLS is not putationally expensive any more. -- Adam Langley (Google)

  • Switch to a diffrent video format, like mp4 or ogg or load both. Your website will load faster because you don't need a library.
  • Switch to http DON'T DO THIS

本文标签: javascriptHTML5 Playing HTTP streaming on HTTPS domainStack Overflow

版权声明:本文标题:javascript - HTML5: Playing HTTP streaming on HTTPS domain - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742228055a2436696.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。