One of the most undocumented security features, or at least I haven't seen any reference to it, is telling us what the domain/name is that pulls the videos for the Video component. Is it the user's IP address?
I'm finding it very difficult to find a way to 1) do signed URLs using BrightScript. Absolutely no documentation or examples. 2) Set Cloudflare to only allow ROKU to read the videos I have stored. This requires a "domain". I know Roku has one. I doubt it's "roku.com", but shoot me if it is.
Roku, we need to secure our videos which are almost always public for a while. It's easy for anybody on the web to use a tool to find all open AWS buckets, all CloudFront urls, all CloudFlare urls.
Can I pass into the Video component a PHP web script link that signs and leads to the direct video link?