CORS on https://embed.twitch.tv/embed/v1.js

Guillaume · October 27, 2021, 12:02am

Hello,

Our website includes the v1.js in order to embed a stream.

<script type="module" src="https://embed.twitch.tv/embed/v1.js"></script>

This is now failing (I am pretty sure it used to work) due to cors.

~$ curl --verbose  https://embed.twitch.tv/embed/v1.js
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/1.1 200 OK
< Connection: keep-alive
< Content-Length: 17182
< Content-Type: application/x-javascript
< Server: Kestrel
< ETag: "2a27457ea6d1f8d58b91741b83bbf807"
< X-XSS-Protection: 1; mode=block
< X-Content-Type-Options: nosniff
< Release-Type: release
< Accept-Ranges: bytes
< Date: Wed, 27 Oct 2021 00:00:32 GMT
< Via: 1.1 varnish
< Age: 40
< X-Served-By: cache-iad-kiad7000110-IAD
< X-Cache: HIT
< X-Cache-Hits: 1
< X-Timer: S1635292833.826972,VS0,VE1
< Vary: Access-Control-Request-Headers, Access-Control-Request-Method, Origin, Accept-Encoding
< Strict-Transport-Security: max-age=300

My understanding is that this URL “https://embed.twitch.tv/embed/v1.js” should return -at least- the “Access-Control-Allow-Origin” header, with provided origin or *.

Am I missing something?

BarryCarlyon · October 27, 2021, 10:53am

Link to broken webpage please

Guillaume · October 27, 2021, 1:12pm

Still a prototype, I can’t disclose a link in a public forum. Will send as MP.

BarryCarlyon · October 27, 2021, 1:13pm

Then sounds like your problem might be the lack of SSL or a “unsupported local host” scenario.

Guillaume · October 27, 2021, 1:40pm

Removing the type=module seems to fix the issue. Thanks!

system · November 26, 2021, 1:41pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.