Nice, seems to be working much better now
circling back - I made some tweaks and I think we’re good.
we’re using cloudfront and it seems they only append CORS headers when there is an origin header? I observed the same behavior testing nostrimg.com resources:
curl -H "Origin: example.com" -v https://cdn.stemstr.app/stream/e3d8485d8a8824e4a9426cad727e8661edc6022d34b180d2bbf1ecb1a12f490a.m3u8 2>&1 >/dev/null | grep "access-control"
< access-control-allow-origin: *
Discussion
🙏 appreciate the report and help debugging!