Domain Authentication, Token Authentication, Security to Protect Your Streams

Document created by Sandeep Jain Employee on Nov 9, 2015Last modified by Sandeep Jain Employee on Dec 29, 2015
Version 4Show Document
  • View in full screen mode


This feature will allow streams to only playback from their specified domains or subdomains.




  1. Octoshape/Infinite Product Stream
  2. Customer Octoshape Players using OSMF plug-in with V206 or newer (around 2011-11-01) or ASOSA SDK with V206 or newer (around 2011-11-01)
  3. IHDP, Infinite HD Player.




  1. Security Features
    • Domain check: The flash player code verifies the hosting domain website is an allowed domain. This is done by executing a javascript call to the containing website for the URL.  Due to browser security policies we are unable to support domain validation within an iframe.
      • This prevents 3rd party websites from:
        • embedding the Flash player from the specified domain into another rogue domain
        • using HMTL iframe to show your player or content into another rogue domain
    • Adobe's Flash player's cross domain policies:
      • This will ensure the swf file is hosted on the specified allowed domain(s). The Octoshape client issues a key to the player that is HTTP posted back to the Octoshape client via a localhost URL. From the URL the Octoshape client serves a crossdomain.xml file that only allows communication from the configured domains.
    • Token Authentication: