Some VK servers give incorrect CORS headers
I am developing a music extension for Google Chrome and have encountered this problem.
VKontakte music is located on several servers that are located in the zone *.vk-cdn.net
Some servers support CORS and this way I can get their content over JS
Accept-ranges:bytes
access-control-allow-methods:GET, HEAD, OPTIONS
access-control-allow-origin:*
cache-control:max-age=604800
content-length:5292838
content-type:audio/mpeg
date:Wed, 13 Jan 2016 20:32:05 GMT
expires:Wed, 20 Jan 2016 20:32:05 GMT
last-modified:Wed, 13 Jan 2016 16:45:43 GMT
server:nginx
status:200 OK
version:HTTP/1.1
And some servers that are on Apache do not give these headers
Accept-Ranges:bytes
Cache-Control:max-age=1468800
Connection:keep-alive
Content-Length:655080
Content-Type:audio/mpeg
Date:Wed, 13 Jan 2016 20:34:52 GMT
ETag:"4b23d502-9fee8"
Expires:Sat, 30 Jan 2016 20:34:52 GMT
Last-Modified:Sat, 12 Dec 2009 17:38:10 GMT
Server:Apache
Thus, requests to such servers via JS are not possible, since Chrome c version 45 has prohibited this. We get an error that MediaElementAudioSource returns zeros instead of content, due to CORS
MediaElementAudioSource outputs zeroes due to CORS access restrictions for https://psv4.vk.me/c613321/u3197020/audios/00a66935ba83.mp3
The browser still plays these files, which makes me think that there is still an opportunity to access the content.
I tried to communicate with VK support, but received a response that the bug tracker of the site was long ago scored and no one will fix it.
Is it possible somehow get around this restriction?
1 answers
You can put your own proxy server somewhere, which will proxy audio from VK servers and add headers so that everything works correctly via AJAX. For such purposes, nginx{[1] is probably best suited]}