Feature #852

Implement cross domain javascript API

Added by daniel magnusson about 11 years ago. Updated over 7 years ago.

User Interface
Target version:
Start date:
Due date:
% Done:


Estimated time:


I want to create a stand alone javascript app that runs on another server(or device, or port..). Need cross domain requests for ajax.

Pretty small change but not sure about the security implications.

It's covered here;

Diff to make it all work;

--- a/src/http.c
+++ b/src/http.c
@@ -166,6 +166,9 @@ http_send_header(http_connection_t *hc, int rc, const char *content,
          rc, http_rc2str(rc));

   htsbuf_qprintf(&hdrs, "Server: HTS/tvheadend\r\n");
+  htsbuf_qprintf(&hdrs, "Access-Control-Allow-Origin: *\r\n");
+  htsbuf_qprintf(&hdrs, "Access-Control-Allow-Methods: POST, GET\r\n");
+  htsbuf_qprintf(&hdrs, "Access-Control-Allow-Headers: x-requested-with\r\n");

   if(maxage == 0) {
     htsbuf_qprintf(&hdrs, "Cache-Control: no-cache\r\n");



Updated by Adam Sutton over 10 years ago

  • Status changed from New to Rejected

I don't understand the need for this, maybe I'm being dense. Also there have been no updates in 6 months.

If you still want to do this, please can you drop me a line or pop along to #hts to discuss further.


Updated by Chris Koster over 7 years ago

The topic is almost three years old but I would also like to see this option. I'd like to build my own web based front end to watch TV, can't do it without allowing cross domain. Of course there are workarounds but it would be nice if I don't have to use a proxy anymore.


Updated by John Törnblom over 7 years ago

Another, perhaps more secure approach, would be talk htsp via websockets. See my old branch at:

the branch is pretty old, so will probably not merge that well with upstream master. but have a look at the commit history to get an idea of what work is required.

Here is a javascript example that maps a few htsp events to javascript events:

Also available in: Atom PDF