@RyanHirsch I just tried the RSS feed I linked here for kicks and giggles... getting a 500 response that says "Boom" :)


@agates awesome I will track it down. Thank you for testing it.

@agates should be fixed, you don't have any categories on that feed, and the code didn't handle that very well

@RyanHirsch Very cool. Something else that would be helpful is verifying that images are served over HTTPS.

@RyanHirsch Another thing that would be helpful is verifying the image can be hotlinked to through the browser. For example


has an image link of


which doesn't allow hotlinking as shown in the screen shot below

@brianoflondon I don't have phase 3 working yet, I should remove it from the display :D

I prioritized the CORS stuff. I'll have it working soon*

@Lehmancreations great, thanks for flagging. Its the same redirect issue that hit @chidgey I'll dig in later today

@RyanHirsch Does a tick in a slightly lighter colour really mean a "cross" - that it isn't in the feed? What does the CORS stuff mean - how do I fix that (if I do?)

@jamescridland the light color means the server attempted to verify that aspect the feed but it didn’t “pass”.

In your screen shot CORS was attempted but ultimately failed. This is generally a responsibility of the hosting provider and their configuration.

Failure means the endpoints are locked down so that other websites cannot directly access that content. Any web based podcast player or tool will have to go through a proxy to access the resource.

@RyanHirsch @jamescridland This tool is great - I would advocate for making a X if it does not pass.

We probably also need an article to explain what CORS is, and what it means if you fix it.

In this case, yes James you would have to fix it yourself.

What it means eg. is if you want to allow a web app to read your RSS feed (or the audio/transcript) directly, and not through a proxy.

In almost all cases for podcasts, you do want that.

@RyanHirsch @jamescridland
What you would need to do (this is probably easily google-able if you use AWS or Google Cloud etc.), is look into adding the headers:

Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: *

When the webserver returns your rss feed, the transcript files, chapter files and audio files.

For example I use PHP and have the following lines:

header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: *");

@martin @RyanHirsch @jamescridland
I'd like to point out that cors for the enclosure is not imo critical. Web players can still play the audio. Control the playback speed, volume etc.
Cors would allow more advanced features like waveform display or audio processing like compression.

The more important (in pc20 point of view) is that you have cors working on chapters and transcripts because they are totally useless without cors or proxy.

Just my 2c 🙂.

@ville @martin @RyanHirsch Thanks. I'm unaware of any issues that not having CORS on my podcast audio causes. But happy to add those headers in CloudFront (and indeed thought I had for someone else).

@jamescridland @ville @RyanHirsch
Yeah, the CORS on the audio is not that important. The audio element in browsers allows Javascript to do a lot without. However things like skipping silence, boosting volume, showing waveforms etc. would only be possible with CORS headers, because it requires the Javascript to understand the content and not just play it "blindly".

Correct me if wrong but shouldnt browser do this natively instead? Not an avid fan of js here.

@jamescridland @ville @RyanHirsch

@RyanHirsch "the light color means the server attempted to verify that aspect the feed but it didn’t “pass”."

Please consider a clear cross rather than a tick; and to use accessible colours that are visible to those on a bad monitor or with degraded sight.

@jamescridland @RyanHirsch @martin I agree that a clear CORS write up is a good idea. It would be nice to post up Adam’s Podcasting 2.0 document and then section link directly from the checker to each relevant explanation. CORS is a big topic, with some security caveats to consider if someone is hosting their podcast files on their main host name.

@dave @jamescridland @martin Thanks for the feedback. I've tweaked some things to help clarify. I will be adding more explainers.

I'm also intending on making this certification a completely dedicated site/domain. It is very helpful to get these questions asked and answered before I roll that out.

Sign in to participate in the conversation
PodcastIndex Social

Intended for all stake holders of podcasting who are interested in improving the eco system