# CrossDomains

Most browsers and players prohibit accessing other domain resources in the currently running domain. You can control this situation through Cross-Origin Resource Sharing (CORS) or Cross-Domain (CrossDomain). You can set CORS and Cross-Domain as `<CrossDomains>` element.

CrossDomain settings are available for HTTP-based APIs, HLS, LLHLS and Thumbnail Publishers and WebRTC Provider(WHIP).

```xml
<CrossDomains>
    <Url>*</Url>
    <Url>*.airensoft.com</Url>
    <Url>http://*.ovenplayer.com</Url>
    <Url>https://demo.ovenplayer.com</Url>
    <Header>
        <Key>Access-Control-Expose-Headers</Key>
        <Value>Date, Server, Content-Type, Content-Length</Value>
    </Header>
    <Header>
        <Key>custom-header</Key>
        <Value>airensoft</Value>
    </Header>
</CrossDomains>
```

You can set it using the `<Url>` element as shown above, and you can use the following values:

<table><thead><tr><th width="290">Url Value</th><th>Description</th></tr></thead><tbody><tr><td><code>*</code></td><td>Allows requests from all Domains.</td></tr><tr><td>domain</td><td>Allows both HTTP and HTTPS requests from the specified Domain.</td></tr><tr><td>http://domain</td><td>Allows HTTP requests from the specified Domain.</td></tr><tr><td>https://domain</td><td>Allows HTTPS requests from the specified Domain.</td></tr></tbody></table>

You can respond with custom HTTP headers via `<CrossDomains>`. You can use them by adding multiple `<Header>/<Key>` and `<Header>/<Value>` as in the example above.

## Default(Global) CORS Settings

If all Applications share the same CORS policy, you can configure CORS under `<Server><Defaults><CrossDomains>` to apply it globally. This default CORS setting is also applied to invalid requests, such as `400 Bad Request` responses or requests to non-existent Applications.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Server version="8">
    <Name>OvenMediaEngine</Name>
    ... omitted ...

    <!-- Default Settings for all Virtual Hosts -->
    <Defaults>
        <CrossDomains>
            <Url>*.ovenplayer.com</Url>
        </CrossDomains>
    </Defaults>

    <VirtualHosts>
        <VirtualHost>
            <Name>default</Name>
    ... omitted ...
```

{% hint style="warning" %}
Up to version 0.19.0, the default CORS setting was supported per VirtualHost and had to be configured at `<Server><VirtualHosts><VirtualHost><CrossDomain>`. However, this method is now deprecated and no longer applied. The configuration has been consolidated under `<Server><Defaults><CrossDomain>`.
{% endhint %}

## Application-Specific CORS Settings

If a particular Application requires a different CORS policy, you can add a CORS configuration to that Application. In this case, the Application-specific CORS setting takes precedence. For example, you can configure CORS for the current WebRTC Provider (WHIP), LLHLS, HLS, and Thumbnail Publisher as follows:

```xml
<VirtualHost>
    <Name>default</Name>
    ... omitted ...
    <Applications>
        <Application>
            <Name>app</Name>
            <Type>live</Type>
            ... omitted ...
            <Providers>
                <WebRTC>
                    <CrossDomains>
                        <Url>*</Url>
                    </CrossDomains>
                </WebRTC>
            </Providers>
            <Publishers>
                <LLHLS>
                    <ChunkDuration>0.5</ChunkDuration>
                    <PartHoldBack>1.5</PartHoldBack>
                    <SegmentDuration>6</SegmentDuration>
                    <SegmentCount>10</SegmentCount>
                    <CrossDomains>
                        <Url>*</Url>
                    </CrossDomains>
                </LLHLS>
                <HLS>
                    <SegmentCount>4</SegmentCount>
                    <SegmentDuration>4</SegmentDuration>
                    <CrossDomains>
                        <Url>*</Url>
                    </CrossDomains>
                </HLS>
                <Thumbnail>
                    <CrossDomains>
                        <Url>*</Url>
                    </CrossDomains>
                </Thumbnail>
            </Publishers>
        </Application>
    </Applications>
</VirtualHost>

```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ovenmediaengine-enterprise.gitbook.io/guide/features/operations-and-monitoring/crossdomains.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.