Stream Manager CORS Solution


When Stream Manager is deployed online and is running on a remote server, the HTTP REST api is inaccessible to javascript running on a different system (for example, localhost). Attempting to access the REST api from localhost results in a CORS (HTTP access control) error in the browser console.

Cross origin access may be required to use the Red5 Pro testbed from localhost, for testing or developing while using the remote Stream Manager instance as a data source.

WebConsole error:

Cross-Origin Request Blocked: the Same Origin Policy disallows reading the remote ersource at (Reason: CORS header 'Access-Control-Origin' missing).


To solve the problem of Cross Domain access to data, the server must allow requests from the given source or from all sources.

Red5 Pro is based on Tomcat server. So one option is to add the Tomcat compatible CORS filter which modifies the header of the response by adding Access-Control-*.

The Tomcat CORS filter configuration allows you to restrict Cross Origin Access to specific IP addresses or URLs. The following configuration goes into the {red5pro}/webapps/streammanager/WEB-INF/web.xml file just as shown above.

       <param-value>GET, POST, PUT, DELETE</param-value>

The above configuration allows access from localhost, and using the param. It is important to know that the port must be specified to which the request is being made. Since the default http port for Red5 Pro is 5080, that is what we specify in the above sample.

Additionally the cors.allowed.methods param is essential in configuring access to the REST api methods on Stream Manager. If this param is excluded or some of the values for the param shown above are omitted, all the API calls may not function as expected.

There are many other ways to configure the filter. You can look up those options in the official documentation.


There is a known issue with the Tomcat CORS filter and the Red5 Pro implementation of HLS. The above technique is specific to Stream Manager, since a Stream Manager instance is not used for streaming.