Widevine DRM - Body request payload

I'm working on the integration of a player which have to play streams secured with Widevine DRM in a browser.

I've checked some well-known players :

• DashJs - https://github.com/Dash-Industry-Forum/dash.js/wiki
• ShakaPlayer - https://github.com/google/shaka-player

Fortunately, these players provide some samples of stream secured using Widevine DRM.

My question concerns the XHR executes to retrieve DRM Key. In any Widevine secured stream, I can see (in devtools) at least 2 XHR targeting the license server.

Let's take an example: https://media.axprod.net/TestVectors/v7-MultiDRM-SingleKey/Manifest_1080p.mpd

This stream is available in :

• DashJs (https://reference.dashif.org/dash.js/nightly/samples/dash-if-reference-player/index.html) : "Axinom Test Content (modern) > 1080p with PlayReady and Widevine DRM, single key"
• ShakaPlayer (https://shaka-player-demo.appspot.com/demo/) : "Axinom > Multi-DRM"

On Chrome (65.0.3325.181) when I load the stream I can 2 XHR (let's omit the pre-flight "OPTIONS" xhr) :

• POST https://drm-widevine-licensing.axtest.net/AcquireLicense
  • Request X-AxDRM-Message header specific to Axinom
  • Request Content-Length: 2
  • A Request Payload equals to \x08\x04 (Right click on XHR, then "Copy as cURL" and paste it in any text editor)
  • Response Content-Length: 706
• POST https://drm-widevine-licensing.axtest.net/AcquireLicense
  • Request X-AxDRM-Message header specific to Axinom
  • Request Content-Length: 3929
  • A Request Payload with a certain amount of data
  • Response Content-Length: 426

I don't get why there is 2 XHR? Moreover, the first XHR with the two characters \x08\x04 is always sent no matter the stream selected (in case of Widevine DRM stream), is there a specific meaning?

The first request is for the Widevine service certificate

The second request is the actual License request

You can read more about this on https://www.widevine.com/product_news.html

See the section Update - Chrome 59 and Service Certificates