I’m having issues playing private videos on iOS as well, see How to use hls with private videos in native suported browser that does not support mediaSource? - #3 by simeon
The service workers solution is interesting but, in my humble opinions, somewhat involved if one’s worked with service workers and a serious time sink if one hasn’t.
Have you considered performing the authentication through an URL query parameter instead of a header? I’d expect that to work out-of-the-box on iOS but may be mistaken.
I saw that that’s how Mux does it (Use Video.js with Mux | Mux). They use JWT tokens, though. I can’t judge whether that’s a requirement for authentication through query parameters.
Curious to hear more about this topic as it seems to be impacting several of us.