Passing token for private channel on URL causes redirect and 403

[griff-stripe]

Describe the bug When I use the web SDK to pass a private channel URL via the ?token= querystring parameter, the network request is cancelled by the player SDK, the token is removed, and the request is made without the token, resulting in a 403.

Response (same as if I hadn't included the token at all):

[{"url":"/api/video/v1/us-west-2.redacted.m3u8?pbac=true\u0026pbar=true\u0026pblm=LOW\u0026player_version=1.13.0","error":"token contains an invalid number of segments","error_code":"invalid_playback_auth_token","type":"error"}]

To Reproduce

1. Share sample code, preferably in your environment, e.g. with CodePen, repl.it, or a live demo
2. Steps to reproduce

Expected behavior A clear and concise description of what you expected to happen.

Screenshots If applicable, add screenshots to help explain your problem, e.g. of the player behavior you're seeing or of the console output.

Desktop:

• OS: macOS
• Browser: Chrome
• Version: 107

Additional context Add any other context about the problem here.

[griff-stripe]

I was able to fix this issue. The web player SDK appears to now be sensitive to the order some of the calls are made when initializing the player. Once I swapped the attachHTMLVideoElement / setLiveLowLatencyEnabled / load calls in my React app, it started working again for me.

Also asked and answered here https://repost.aws/questions/QUbKFZjYV-SdSJXU0zUUd0dA/ivs-passing-token-for-private-channel-on-video-url-causes-redirect-and-403

[fabioegas]

To all of you that are having problems with iOS and private streaming, you just need to add crossorigin="anonymous" in <video/> tag.

See strict-origin-enforcement parameter: https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/private-channels-generate-tokens.html