using token based authentication for HTML5 video

javascript authentication html5-video

I'm currently using JWT for each route that needs authentication on my web app, using passport on a NodeJS server. The token is stored by the front-end and every request made is used with an axios instance with the header "Authorization" set to the token.

Everything works fine with that, but now I want to use show videos an user has uploaded. To do that, I want to use the same mechanism. The issue is that using the <video> HTML tag, the only thing to get the ressource is using the src attribute, but I can't figure a way to make make it use the 'Authorization' header as it's not using axios.

Is there a way to do that or am I forced to implement myself some sort of player using the Media Source API ? I tried also putting the token as a query string in the URL. It does work but is that safe to do so as the auth token (or a new one for the video ressource only) will be shown?

Note: (I'm able to download the whole file with axios and then put a blob as a src, but it's really inefficient)


I couldn't find any player that supports this. All players fallback to use browser when playing media files with <video> and there is not way to fiddle with Headers to set Authentication token.

The only way to add headers is when you use protocols like HSL. Then the request are made via XHR and you can access request headers:

<html>

<head>
  <link href="https://unpkg.com/video.js/dist/video-js.css" rel="stylesheet">
  <meta charset="utf-8">
</head>

<body>
  <video
         id="my_video"
         class="video-js"
         controls
         preload="auto"
         width="640"
         height="268"
         data-setup="{}"
         >
  </video>
  <script src="https://unpkg.com/video.js/dist/video.js"></script>
  <script>
  videojs.Hls.xhr.beforeRequest = function(options) {
    options.headers = options.headers || {};
    options.headers.Authorization = 'Bearer token';
    console.log('options', options)
    return options;
  };
  var player = videojs('my_video');
  player.ready(function() {
    this.src({
       src: "https://dl5.webmfiles.org/big-buck-bunny_trailer.webm",
      type: "video/webm",
    });
  });
</script>
</body>

</html>

Related

How can I modify my Shunting-Yard Algorithm so it accepts unary operators?
javascript conditional expression parser
Fastest way to get Nth combination without repetition from a larg number of symbols
Can't create multiple labels with same key in Kubernetes 1.19
Flip coin with using def function python [duplicate]
Iterating name of a field with dplyr::summarise function
How to add median and IQR to seaborn violinplot
Running setup.py install for fbprophet ... error
Pylint complains about wxPython - 'Too many public methods'
Sending SMS programmatically without opening message app
How to differentiate build triggers in Jenkins Pipeline
How to remove php 5.6