Earlier this week the video content we use in our Test and Production environments, which is using https://player.vimeo.com/external/... links, has been throwing a bunch CORS errors in the console after loading the very first part of the video.
Sample error: The 'Access-Control-Allow-Origin' header has a value 'null' that is not equal to the supplied origin.
The initial request we make out to player-vimeo.com does have Access-Control-Allow-Origin:*, as expected from the configuration of our application. However, that player-vimeo returns a 302 which redirects to the CDN https://vod-progressive.akamaized.net and the response we get from there has Access-Control-Allow-Origin: null.
We have not changed any of the code around this video content in months and we've been using Vimeo this way for a long time. It seems to happen in Chrome, but doesn't happen, or happens very rarely, in FireFox or on Mac. The only solution we have found so far is to remove the attribute crossorigin="anonymous" from the video tag, but that is not ideal as it breaks the getting of the caption files associated with the videos.
Weirdly, if you let the video throw the CORS error many times in a row, it actually starts working after it has thrown the error enough times.
As far as we can tell nothing we've done would have led to this breaking, it seems as if Vimeo isn't passing on the Access-Control-Allow-Origin param anymore, or somehow akamaized.net is losing it.
UPDATE We heard back from Vimeo support 6/10/2021:
“This is an issue that our developers are aware of and are working to fix. We apologize for any inconvenience caused and appreciate your patience.
We’ll reach back out once this issue is resolved.”
