Why can't I play DRM protected streams in Chrome?

In order to play DRM protected content in Chrome the following requirements have to be met, otherwise the EME API can't be accessed by the player:

  1. Make sure that your website, which embed the player and is playing your DRM content, is served using https://
  2. Make sure that all DRM related resources are served using 'https://' (MPD URL, LA URL, Segment URL's

Those rules don't apply if you are using localhost as domain to serve your website and/or content, as Chrome considers this as a secure origin to ease the development, when working with DRM.

Why is that so: When it comes to playing a stream protected with DRM, the decryption is directly handled by the browser through a component called the CDM (Content Decryption Module). The video player access this module via the EME (Encrypted Media Extension) API.

Since the version 58 of Chrome (2017), Google have set some news rules regarding playback of protected streams in their Chrome browser. Chrome no longer allows the usage of this API, and other APIs as well, over “insecure contexts”, which means that the web page where the player is hosted, as well as the stream itself has to be delivered via HTTPS, otherwise Chrome will not enable the EME API and the playback of protected content will then not be performed.

Firefox will be most likely be the next browser who enforces HTTPS for playing DRM protected content, as it already states a warning the debug console, that HTTPS will be required “soon”.

While this restriction doesn’t apply to all browsers yet, sooner or later they will follow the example of Chrome, in order enforce a more secure content delivery.