Recently we added a player to display live video and radio on our Plone site. When creating this new feature, we used HLS.js to view streaming, however we had some problems with CORS because the user provided a link that usually belonged to another domain. Searching extensively, we found Plone.restapi that addressed some CORS issues.
The new feature of the site, now can stream to anonymous users(image 1), but for logged users(image 2) the player performs an eternal and unanswered request.
I think it may have something to do with X-XSS-Protection.
Can somebody help me?
image 1 - view anonymous users
image 2 - view Logged user