From b48f65c1a48ce8e8dfbf49682c58f61ddc2dd890 Mon Sep 17 00:00:00 2001
From: "dorin.clisu" <dorin.clisu@gmail.com>
Date: Sun, 4 Jul 2021 16:41:10 +0300
Subject: [PATCH] fix CORS issues with HLS player using authorization

---
 internal/hlsserver/server.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/internal/hlsserver/server.go b/internal/hlsserver/server.go
index c997498c..7797a2ee 100644
--- a/internal/hlsserver/server.go
+++ b/internal/hlsserver/server.go
@@ -150,6 +150,14 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	pa := r.URL.Path[1:]
 
 	w.Header().Add("Access-Control-Allow-Origin", s.hlsAllowOrigin)
+	w.Header().Add("Access-Control-Allow-Credentials", "true")
+
+	if r.Method == "OPTIONS" {
+		w.Header().Add("Access-Control-Allow-Methods", "GET, OPTIONS")
+		w.Header().Add("Access-Control-Allow-Headers", r.Header.Get("Access-Control-Request-Headers"))
+		w.WriteHeader(http.StatusOK)
+		return
+	}
 
 	if pa == "" || pa == "favicon.ico" {
 		w.WriteHeader(http.StatusNotFound)