Blog

Janus WebRTC server: CORS on admin and REST APIs, long polling, and plugin-specific HTTP callbacks

Janus exposes HTTP for session creation—lock down admin paths separately from browser-facing CORS.

Published: 2028-06-26Updated: 2028-06-281 min read

januswebrtccors

Plugins

Streaming plugins may open RTSP upstream—CORS is irrelevant there but document firewall rules.

SIP plugin interop may require different TLS settings—test end-to-end with real desk phones.

Session stickiness matters for Janus handles—misrouting looks like auth failures, not CORS.