403 when updating allowedOrigins through curl or PHP

I’m experiencing an issue where, after updating the allowedOrigins for a video through curl or PHP to include a new domain, the modifications don’t appear to be effective. Despite the updated domain being reflected in both the Settings and JSON on the stream Dashboard, accessing the video from the new domain results in a 403 HTTP error with the message “This video has not been configured to be allowed on this domain.” I’ve prepared a sample page for review:

The video ID in question is 74a8cf21dd268636d6c34ab8ed9ec5c2, and the updates were made via curl.


1 Like

To give additional context, I noticed that manually inputting the same domain directly into the Stream Dashboard’s settings—identical to what was updated via curl —eliminates the error. When comparing the JSON data before and after this manual update, there appears to be no difference.

Can you post your curl with your api key and account id redacted?

1 Like

Here you go

curl -X POST “https://api.cloudflare.com/client/v4/accounts/actid/stream/74a8cf21dd268636d6c34ab8ed9ec5c2
-H “X-Auth-Email: [email protected]
-H “X-Auth-Key: authkey”
-H “Content-Type: application/json”
–data ‘{“allowedOrigins”:[“staging.paramita.tv”]}’

Can you try this?

curl -X POST \
  -H "Authorization: Bearer <YOUR_API_TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "allowedOrigins": ["domain1.com", "domain2.com"]
  }' \

Referring to the docs for editing a pre-existing video:

You will see allowedOrigins in the body. Hopefully that should clear up any problems you were running into!

Be sure to not include the protocol in the hosts that you add or you will get an API failure.

1 Like

Hi, I’ve updated the allowedorigins with your code, specifying 3 different domains. Again, the updates appear to be correctly reflected in the CF Dashboard, both in the Settings and JSON. However, I’m still experiencing “This video has not been configured to be allowed on this domain.” with video playback

Staging Site:

Here is the code:

curl -X POST \
  -H "Authorization: Bearer <TOKEN>" \
  -H "Content-Type: application/json" \
  -d '{
    "allowedOrigins": ["staging.paramita.tv", "www.domain1.com", "www.domian2.tv"]
  }' \

I see. I misunderstood your initial issue. I’ve been investigating this video as the origins looked good, but internal cache entry was stale. I’ve gone ahead and refreshed this video.

Can you confirm things look ok on your end? Apologies for any inconvenience. We’ll be investigating to make sure something like this can’t happen in the future.

On the staging site you listed above, I can now load both iFrames.

Hi, I’ve successfully loaded the test video that was updated via curl. We intend to apply the same method to update around 200 videos for domain change. Could you inform us about the timeline for resolving this issue? Or is there anyway we can refresh the video cache on our end?

Because last time we were forced to manually update every video to overcome this challenge.


Are you experiencing the same issue on existing videos currently? Do you have an open ticket for this issue against Cloudflare already?

No, we did not open a ticket.

And yes, we are encountering issues with curl when adding new domain.
We’ve repeated the same process just to be sure. When deleting the *.paramita.tv domain via curl, the modification usually takes effect in under a minute. However, when re-adding it through curl, the timing of the update can vary. From my experience, it may take up to an hour or more for the changes to propagate. Is there a method we can employ to ensure timely refresh of these modifications?

Thanks for letting me know. Let me take some time to dig into this behavior today. All changes should take roughly a minute or so to propagate.

Can you confirm you’re reproducing using the curl command I posted above?

Yes, I used the same command from your example to remove and add the domain back. As of now, the test video is still not playable.

Ok, I’ve released an update globally. Are you able to perform some retesting so we can collect more data and see if anything has improved?

1 Like

I’ve just executed a domain removal and re-addition using curl, and both actions showed immediate results. It seems to have worked this time! thanks.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.