Hello,
I’m trying to view my openvidu recordings from the html video tag.
I secured access to the recordings path (which I’ve done by setting OPENVIDU_RECORDING_PUBLIC_ACCESS to false), but it seems like there’s no way to add basic auth headers to the browser’s request when fetching the video.
I was wondering if there is a way to pass the basic auth header as a query parameter instead?
Something like
https://openviduip/recordings/folder/file.mp4?BasicT1BFTlZJRFVBUFA6TVlfU0VDUkVU
Technically you can pass in basic authorization headers using beforeSend setRequestHeader if using $.ajax, but sending the credentials client side is a bad idea because it would expose the credentials. Keep in mind that you also wouldn’t want to pass your credentials on the url since its not encrypted and would be in log files.
What you could do is have your client side code call some server side code that would then process that request.
@John-Coffee is right. Recordings are by default protected with Basic Auth credentiales, and the only alternative is disabling this protection with OPENVIDU_RECORDING_PUBLIC_ACCESS=true. But this is only a shortcut for development environments or strictly controlled production environments, and of course this is not recommended in regular production set ups, where these recordings are not supposed to be available for everybody. Developers are in charge of delivering the recording files the way they want from the host, knowing that to access them from client-side or server-side the secret of OpenVidu deploymen will be needed (if defualt value OPENVIDU_RECORDING_PUBLIC_ACCESS=true is not modifed).
Perfect!
I’ll try to have my backend authenticate and stream the file to my frontend.
Thanks a lot guys!