Allow `icy-metadata` and `icy-metaint` in default CORS configuration
I noticed that many of the public streams I've encountered have a wide-open Access-Control-Allow-Origin policy, but do not allow access to request the Icy-Metadata
header nor allow access to read the Icy-MetaInt
header in the response. This prevents any clients that honor CORS (i.e. browsers) from requesting or reading icy metadata.
This patch is to allow cross-origin access to the Icy-MetaData
and Icy-MetaInt
headers by default. Also, this patch inserts the Access-Control-Allow-Headers
and Access-Control-Expose-Headers
into the default XML configuration so that icy metadata works by default. Users can opt-out of it like they can with Access-Control-Allow-Origin: *
.
The main use-case is to enable browsers to read icy metadata via a cross-origin request. I'm building a client side library that does that here: icecast-metadata-js. The inline metadata offers immediate metadata updates with no noticeable latency, which is really valuable in certain contexts, like for broadcasting police / fire scanner metadata, or ad insertions, etc.