I am currently developing a Chromecast app for an existing video streaming service. We are currently developing a proof of concept app that will allow us to Cast video.

I have read on the Cast developers website about CORS here. Unfortunately, I do not have the access required to change headers on responses from our servers or update the cors.xml file on the server (Which to my knowledge currently does not exist).

My current work around to this problem is to proxy my Chromecast's HTTP traffic through Charles, and use the rewrite feature to add the required CORS headers to the HLS files being requested from other origins.

This solution works fine for non-secure content, however, we also have content being delivered over HTTPS, and the above solution does not work.

Is there any way, with or without a proxy, to ignore, bypass, or add CORS headers on https responses for the development of a Chromecast app on a whitelisted device?

On solution might be to install the Charles certificate, that would allow the proxy to intercept HTTPS traffic and the Chromecast to accept connections from endpoints using that cert, but I do not see a way to install that certificate on the Chromecast.

Another solution may also be to write our own intermediary service that the Chromecast hits, instead of our servers, and returns the video streams with the proper CORS implementation.

Thank you!

Your best bet is to use a proxy; if https content cannot be routed through the proxy, you might want to limit the content to http for development and when you see that working, start working with your CDN to add the CORS headers, etc. Adding headers is something that is not a hard thing for a lot of CDNs since they have been doing that already and are familiar with the process, so you may contact them and see if they can accommodate you earlier. There is no shortcut on the CC side to disable that for development.