da33919368
The frontend already routes every m3u8 URL through `getProxyUrl` → `/proxy?url=…` so CORS-restricted hosts work for users. The verifier was the odd one out: it loaded m3u8 URLs directly into hls.js inside a `data:` URL test page, which has Origin `null`. Hosts like `oe1.ossfeed.store` (pitsport's playlist CDN) only set ACAO when the request's Origin is `https://pushembdz.store`, so hls.js got an instant `fatal_network_error` and every pitsport stream was marked dead even though they play fine for real users. Wrap the m3u8 URL the same way the verifier already wraps embed URLs: `{PROXY_BASE}/proxy?url=<b64>`. Stays same-origin for hls.js, gets ACAO:* from our proxy, and the rewritten variants are also proxy-wrapped so subsequent fetches stay clean. For sites whose CDN serves any IP without Origin tricks (stremio, dd12), this is transparent — proxy just forwards. Side effect: every verified m3u8 hits our proxy once during extraction. Cheap (1 cluster-internal request + 1 upstream HEAD/GET) and only during the 5/30-min extraction cycle. |
||
|---|---|---|
| .. | ||
| files | ||
| .terraform.lock.hcl | ||
| backend.tf | ||
| main.tf | ||
| providers.tf | ||
| secrets | ||
| terragrunt.hcl | ||