Cross-Origin Resource Sharing (CORS)
All resources not hosted by Ooyala (video, audio, images, closed captions, css, js, etc.) that are used with your HTML5-based playback must have the appropriate CORS headers configured. If your resources do not follow the CORS standard, your player will not function correctly and may fail when trying to access files across domains.
You must set up CORS enablement on the CDN that you use for content serving. For information on how to enable CORS, see http://enable-cors.org/ or talk to your hosting provider or vendor.
For example, due to the fact that the domain of a closed caption file could be different than the page and/or the video tag itself, we set crossorigin='anonymous' on the video tag. This causes any streamURL that does not properly have the CORS header enabled to fail to load.