JohnMason1 1 Posted Tuesday at 11:22 PM Share Posted Tuesday at 11:22 PM Hi everyone! I have to start with a positive word about the night-vs-day that Emby is against Jellyfin at the moment (which is what spurred me on to finally try Emby). I got a month of Premiere to test it. The Android apps work perfectly, however on the web app, the key is accepted, but the circle spins endlessly. No matter what laptop or browser I log in from, the circle still spins a day later. Now, my main wishful setting was to set dark mode for settings (which requires Premiere). Sometimes this happens, but other times it stays white. I am not sure how else I can tell if the web app knows I have Premiere, as all the indications that say e.g. "this setting requires Premiere", "Get Premiere" on the top right, etc. are all still there. I have disabled ad blockers, FF/Edge anti-tracking and checked nothing is being blocked by NextDNS. Is there any way I can fix this? Link to comment Share on other sites More sharing options...
GrimReaper 3670 Posted Wednesday at 12:00 AM Share Posted Wednesday at 12:00 AM 34 minutes ago, JohnMason1 said: I am not sure how else I can tell if the web app knows I have Premiere, as all the indications that say e.g. "this setting requires Premiere", "Get Premiere" on the top right, etc. are all still there. If "Get Premiere" banner is still present, your key was likely not validated. You can post server log as it'd show (un)successful validation attempts. Link to comment Share on other sites More sharing options...
JohnMason1 1 Posted Wednesday at 07:53 AM Author Share Posted Wednesday at 07:53 AM Thanks @GrimReaper. I don't want to post logs publicly as I can see they contain e.g. full directory listings, I can pm someone if that helps. I am looking at the log here, but not sure what I should be looking for. It does not contain the word 'premiere' anywhere, what other keywords can I look for? Link to comment Share on other sites More sharing options...
GrimReaper 3670 Posted Wednesday at 08:01 AM Share Posted Wednesday at 08:01 AM 5 minutes ago, JohnMason1 said: what other keywords can I look for? mb3admin.com Link to comment Share on other sites More sharing options...
JohnMason1 1 Posted Wednesday at 08:30 AM Author Share Posted Wednesday at 08:30 AM (edited) Great, here are some instances of it (attached) embyserver-mb3admin.txt Edited Wednesday at 08:32 AM by JohnMason1 Attached log instead of pasting it Link to comment Share on other sites More sharing options...
GrimReaper 3670 Posted Wednesday at 08:50 AM Share Posted Wednesday at 08:50 AM (edited) Doesn't look like a communication issue as validation is occurring: Quote 2024-10-02 08:49:01.429 Info SecurityManager: Not registered for MBSupporter but it seems that the response from the server is that the key really isn't valid - causes of that might be proxies, VPNs, browser addins etc. that could potentially be interfering/modifying headers. You can go through the steps listed here: My Emby Key Says it is Invalid or Missing If unsuccessful, you can email: Quote billingsupport@emby.media with the account details. Edited Wednesday at 08:51 AM by GrimReaper Link to comment Share on other sites More sharing options...
JohnMason1 1 Posted Wednesday at 09:04 AM Author Share Posted Wednesday at 09:04 AM 11 minutes ago, GrimReaper said: proxies, VPNs, browser addins Thank you for the pointers. Premiere is recognised from both my phone and my Shield, so we can assume the server knows it's got it and it's something browser specific, as it is happening on two different laptops, one Linux Mint, one Windows, on both Firefox and Edge. I use NextDNS, but I use that at router level, so my phone and the Shield both go through it. I have tried disabling uBlock and the browser anti-tracking protections, with no luck. Knowing the logs 13 minutes ago, GrimReaper said: Info SecurityManager: Not registered for MBSupporter Is this a response received from Emby's server? If so, does it not mean the problem is with Emby's server rather than my end? I will try some more browsers, before emailing billing. Link to comment Share on other sites More sharing options...
GrimReaper 3670 Posted Wednesday at 09:25 AM Share Posted Wednesday at 09:25 AM 14 minutes ago, JohnMason1 said: Is this a response received from Emby's server? It is: Quote 2024-10-02 08:49:01.426 Info HttpClient: Http response 200 from https://mb3admin.com/admin/service/registration/validate after 472ms. 15 minutes ago, JohnMason1 said: If so, does it not mean the problem is with Emby's server rather than my end? Wouldn't think so, it likely means that the key admin server is receiving does not correspond to the one registered in the db. Personally, I'd put my phone on mobile data, create a hotspot, connect either laptop through it and try to validate - you'd narrow down potential points of failure, either router/network setup related or machine/browser related. Link to comment Share on other sites More sharing options...
ebr 15235 Posted Wednesday at 01:28 PM Share Posted Wednesday at 01:28 PM 4 hours ago, JohnMason1 said: it is happening on two different laptops Hi. Where is the server installed? What happens on that machine? The key only needs to be input once - on the server machine. Also be sure you don't have invisible or invalid characters in the key... Link to comment Share on other sites More sharing options...
JohnMason1 1 Posted Wednesday at 01:32 PM Author Share Posted Wednesday at 01:32 PM 1 minute ago, ebr said: Where is the server installed? It's a headless cloud server. 2 minutes ago, ebr said: The key only needs to be input once - on the server machine. Is there a way to directly input the key into the server settings files somewhere? Also, I have entered the key in the mobile and Shield apps, and it's been accepted fine, but clearly this has not translated to the web app. 3 minutes ago, ebr said: invisible or invalid characters in the key. I am directly copying/pasting it from the email they sent me. Link to comment Share on other sites More sharing options...
ebr 15235 Posted Wednesday at 01:34 PM Share Posted Wednesday at 01:34 PM Just now, JohnMason1 said: Also, I have entered the key in the mobile and Shield apps, and it's been accepted fine The key only needs to be entered once. 1 minute ago, JohnMason1 said: but clearly this has not translated to the web app I still suspect something in the browser. Is there an error in the console? Link to comment Share on other sites More sharing options...
JohnMason1 1 Posted Wednesday at 01:37 PM Author Share Posted Wednesday at 01:37 PM 1 minute ago, ebr said: Is there an error in the console? Good catch, I didn't think of checking there There is this: Content-Security-Policy: The page’s settings blocked the loading of a resource (connect-src) at https://mb3admin.com/admin/service/registration/getStatus because it violates the following directive: “connect-src 'self'” Uncaught (in promise) TypeError: NetworkError when attempting to fetch resource. Link to comment Share on other sites More sharing options...
ebr 15235 Posted Wednesday at 01:52 PM Share Posted Wednesday at 01:52 PM 14 hours ago, JohnMason1 said: The Android apps work perfectly, So you can enter the key using the Android app and there is no issue? If so, you don't need to do it again anywhere else. Does everything work after validating the key properly in the app? @Lukethe last time (4.2.x) there was a similar CSP problem, something was adjusted in the server to address it, I think... 1 Link to comment Share on other sites More sharing options...
ebr 15235 Posted Wednesday at 01:53 PM Share Posted Wednesday at 01:53 PM Oh wait, @JohnMason1are you using a VPN? Link to comment Share on other sites More sharing options...
Solution JohnMason1 1 Posted Wednesday at 01:56 PM Author Solution Share Posted Wednesday at 01:56 PM Fixed it! The problem was I had just taken Jellyfin's nginx config and used it as a template for Emby. This did not include the necessary Content-Security-Policy header, hence this issue. I just looked up and used the config some other fellow users recommended, and now it works. I still need to research and learn more about this header to make sure I am keeping my server as secure as can be. Here's what the headers section of nginx looks like now, any further advice is always welcome: # Content Security Policy add_header X-Xss-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always; add_header X-Frame-Options "SAMEORIGIN" always; proxy_hide_header X-Powered-By; add_header 'Referrer-Policy' 'no-referrer'; add_header Content-Security-Policy "frame-ancestors mydomain.com emby.mydomain.com;"; 1 Link to comment Share on other sites More sharing options...
ebr 15235 Posted Wednesday at 02:02 PM Share Posted Wednesday at 02:02 PM Excellent. Thanks for reporting back. 2 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now