Merge remote-tracking branch 'origin/master' into block-rtmp-players-and-webhooks

mekya · mekya · commit 5bb742220161 · 2025-09-09T07:54:34.000+03:00
diff --git a/src/main/webapp/WEB-INF/red5-web.xml b/src/main/webapp/WEB-INF/red5-web.xml
@@ -75,6 +75,11 @@
 		<property name="appSettings" ref="app.settings" />
 		<property name="dataStoreFactory" ref="dataStoreFactory" />
 		<property name="streamAcceptFilter" ref="streamAcceptFilter"/>
+		<property name="streamPlaySecurityList">
+      	<list>
+        	<ref bean="token.service"/>
+		</list>
+		</property>
 		<property name="streamPublishSecurityList">
 			<list>
 				<ref bean="acceptOnlyStreamsInDataStore"/>
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
@@ -65,6 +65,35 @@
 	</filter-mapping>
 
 
+	<filter>
+		<filter-name>CorsFilter</filter-name>
+		<filter-class>io.antmedia.filter.CorsHeaderFilter</filter-class>
+		<init-param>
+		    <param-name>cors.allowed.origins</param-name>
+		    <param-value>*</param-value>
+		 </init-param>
+		 <init-param>
+		 	<param-name>cors.allowed.methods</param-name>
+		 	<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
+		 </init-param>
+
+		 <!-- cors.allowed.origins -> * and credentials are not supported at the same time.
+		 If you set to cors.allowed.origins to specific domains and support credentials open the below lines
+		 <init-param>
+            <param-name>cors.support.credentials</param-name>
+            <param-value>true</param-value>
+         </init-param>
+         -->
+		 <init-param>
+		 	<param-name>cors.allowed.headers</param-name>
+            <param-value>Accept, Origin, X-Requested-With, Access-Control-Request-Headers, Content-Type, Access-Control-Request-Method, Authorization</param-value>
+         </init-param>
+         <async-supported>true</async-supported>
+	</filter>
+	<filter-mapping>
+		<filter-name>CorsFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
 
 	<filter>
 		<filter-name>HttpForwardFilter</filter-name>
@@ -115,35 +144,7 @@
 		<url-pattern>/streams/*</url-pattern>
 	</filter-mapping>
 
-	<filter>
-		<filter-name>CorsFilter</filter-name>
-		<filter-class>io.antmedia.filter.CorsHeaderFilter</filter-class>
-		<init-param>
-		    <param-name>cors.allowed.origins</param-name>
-		    <param-value>*</param-value>
-		 </init-param>
-		 <init-param>
-		 	<param-name>cors.allowed.methods</param-name>
-		 	<param-value>GET,POST,HEAD,OPTIONS,PUT,DELETE</param-value>
-		 </init-param>
 
-		 <!-- cors.allowed.origins -> * and credentials are not supported at the same time.
-		 If you set to cors.allowed.origins to specific domains and support credentials open the below lines
-		 <init-param>
-            <param-name>cors.support.credentials</param-name>
-            <param-value>true</param-value>
-         </init-param>
-         -->
-		 <init-param>
-		 	<param-name>cors.allowed.headers</param-name>
-            <param-value>Accept, Origin, X-Requested-With, Access-Control-Request-Headers, Content-Type, Access-Control-Request-Method, Authorization</param-value>
-         </init-param>
-         <async-supported>true</async-supported>
-	</filter>
-	<filter-mapping>
-		<filter-name>CorsFilter</filter-name>
-		<url-pattern>/*</url-pattern>
-	</filter-mapping>
 	<servlet>
 		<servlet-name>OpenApi</servlet-name>
 	    <servlet-class>io.swagger.v3.jaxrs2.integration.OpenApiServlet</servlet-class>
