
JWPlayer Cookie Loss for VTT Caption

We are using JWPlayer 7.2.4.

All was working fine, but we just added support for closed captions using .vtt files.
This has started to cause an issue where cookies are lost from the domain for the call from JWplayer to access the vtt file when CORS is enabled.

We need to preserve the cookies, but when looking at the headers in both Chrome and Firefox,
the 1st call to load the video had the cookies preserved, but the 2nd call to the server to access/load the .vtt file does not have the cookies.

I have added CORS header preservation rules to all servers (Tomcat front, Apache HTTP back, of course all on different ports) and even in the javascript as follows (note I even tried the cookies: true setting):

<!-- WIP crossorigin -->
<video crossorigin="use-credentials"></video>

<script type="text/javascript">

var playerInstance = jwplayer("myElement").setup({
    file: "",
    tracks: [{
        file: '',
        label: 'English'
    }],
    width: "100%",
    aspectratio: "235:100",
    cookies: "true"
});

playerInstance.on('error', function(){
    alert(arguments[0].type + ": " + arguments[0].message);
});

playerInstance.on('ready', function(){
    // Only display speed buttons for HTML5 browsers
    if(playerInstance.getRenderingMode()=='html5') {
    }
});

playerInstance.on('play', function(){
    // To make sure the video runs at the speed selected BEFORE the video starts
    var theVideo = document.querySelector('video');
});

</script>
<!-- WIP crossorigin -->

Our architecture is as follows:

Tomcat serves up the JWPlayer code pointing to Apache HTTP behind it. The Apache HTTP serves up files (e.g. mp4, .vtt caption files) protected with individualized .htaccess files which
1) look for cookie (mod_rewrite condition/rule pair)
2) set CORS rules (mod_headers). If cookie is not found, right now I am redirecting with a 403.

Current header settings:
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE

I always get the 403 error UNLESS I turn off the cookie check. I have determined that the cookie is lost with the 2nd call to load the caption file.

I see that "withCredentials" has been added for playlists ... does this need to be added for caption files?


Dave Birtwell
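
The browser-side rules that apply to the header settings quoted in the question, as an added example that is not part of the original post or of JW Player's code: it models when cookies are attached to a cross-origin request and when the Fetch standard's CORS check accepts the response. The origins, header objects and function names are constructed for illustration; "same-origin" is the credentials mode of an XHR made without withCredentials.

```javascript
// Added example. Origins and header sets are constructed sample values.
const PAGE = 'http://app.example.test:8080';   // page origin (front server)
const MEDIA = 'http://app.example.test:8081';  // media origin: other port, so cross-origin

// Are cookies attached? (Ignores SameSite and third-party-cookie blocking.)
function sendsCookies(mode, pageOrigin, resourceOrigin) {
  if (mode === 'include') return true;
  return mode === 'same-origin' && pageOrigin === resourceOrigin;
}

// CORS check from the Fetch standard: null when the response is readable, else the reason.
function corsCheck(pageOrigin, mode, headers) {
  const acao = headers['access-control-allow-origin'];
  if (acao === undefined) return 'no Access-Control-Allow-Origin';
  if (mode !== 'include' && acao === '*') return null;
  if (acao === '*') return 'wildcard origin is not accepted on a credentialed request';
  if (acao !== pageOrigin) return 'allowed origin does not match page origin';
  if (mode !== 'include') return null;
  return headers['access-control-allow-credentials'] === 'true'
    ? null : 'Access-Control-Allow-Credentials is not "true"';
}

// Server side: reflect the Origin only when it is on an allowlist.
function corsHeadersFor(requestOrigin, allowedOrigins) {
  if (!allowedOrigins.includes(requestOrigin)) return {};
  return {
    'access-control-allow-origin': requestOrigin,
    'access-control-allow-credentials': 'true',
    'vary': 'Origin', // caches must key on Origin once the header is per-origin
  };
}

function evaluate(mode, headers) {
  return { cookiesSent: sendsCookies(mode, PAGE, MEDIA), blocked: corsCheck(PAGE, mode, headers) };
}

// The header pair from the question, and the allowlisted alternative.
const wildcard = { 'access-control-allow-origin': '*', 'access-control-allow-credentials': 'true' };
const reflected = corsHeadersFor(PAGE, [PAGE]);

console.log('same-origin mode, wildcard:', evaluate('same-origin', wildcard));
console.log('include mode, wildcard:   ', evaluate('include', wildcard));
console.log('include mode, reflected:  ', evaluate('include', reflected));
```

In the first case the request is allowed but carries no cookie, so a server-side cookie check has nothing to match; in the second the cookie is sent but the browser refuses to expose the response.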

3 Community Answers


JW Player Support Agent  
0 rated :

Hi Dave,

Have you tried this setup with the latest version of the player (currently 7.5.0)? Also, is it possible to send a link to a reproduction page so we may see the behavior?

Thank you.


0 rated :


I am in touch with Heidi at support. We cannot set up a reproduction page, as right now this is in development stage and requires a Tomcat routing static asset requests to Apache and other setups only available in a full environment.

I've tried the latest which Heidi provided me with and we still see the same issue.

I think at this point Tech Support will be dealing directly with us.


Dave Birtwell


JW Player Support Agent  
0 rated :


I just spoke with Heidi and it does look like she escalated the issue to one of our Product Managers. As soon as she hears back, she will be letting you know.

Thank you.
