Widevine DRM - Body request payload

I'm working on the integration of a player which have to play streams secured with Widevine DRM in a browser.

I've checked some well-known players :

DashJs - https://github.com/Dash-Industry-Forum/dash.js/wiki
ShakaPlayer - https://github.com/google/shaka-player

Fortunately, these players provide some samples of stream secured using Widevine DRM.

My question concerns the XHR executes to retrieve DRM Key. In any Widevine secured stream, I can see (in devtools) at least 2 XHR targeting the license server.

Let's take an example: https://media.axprod.net/TestVectors/v7-MultiDRM-SingleKey/Manifest_1080p.mpd

This stream is available in :

DashJs (https://reference.dashif.org/dash.js/nightly/samples/dash-if-reference-player/index.html) : "Axinom Test Content (modern) > 1080p with PlayReady and Widevine DRM, single key"
ShakaPlayer (https://shaka-player-demo.appspot.com/demo/) : "Axinom > Multi-DRM"

On Chrome (65.0.3325.181) when I load the stream I can 2 XHR (let's omit the pre-flight "OPTIONS" xhr) :

POST https://drm-widevine-licensing.axtest.net/AcquireLicense
- Request X-AxDRM-Message header specific to Axinom
- Request Content-Length: 2
- A Request Payload equals to \x08\x04 (Right click on XHR, then "Copy as cURL" and paste it in any text editor)
- Response Content-Length: 706
POST https://drm-widevine-licensing.axtest.net/AcquireLicense
- Request X-AxDRM-Message header specific to Axinom
- Request Content-Length: 3929
- A Request Payload with a certain amount of data
- Response Content-Length: 426

I don't get why there is 2 XHR? Moreover, the first XHR with the two characters \x08\x04 is always sent no matter the stream selected (in case of Widevine DRM stream), is there a specific meaning?

Solution

The first request is for the Widevine service certificate

The second request is the actual License request

You can read more about this on https://www.widevine.com/product_news.html

See the section Update - Chrome 59 and Service Certificates