JohnMason1 2 Posted October 1, 2024 Posted October 1, 2024 Hi everyone! I have to start with a positive word about the night-vs-day that Emby is against Jellyfin at the moment (which is what spurred me on to finally try Emby). I got a month of Premiere to test it. The Android apps work perfectly, however on the web app, the key is accepted, but the circle spins endlessly. No matter what laptop or browser I log in from, the circle still spins a day later. Now, my main wishful setting was to set dark mode for settings (which requires Premiere). Sometimes this happens, but other times it stays white. I am not sure how else I can tell if the web app knows I have Premiere, as all the indications that say e.g. "this setting requires Premiere", "Get Premiere" on the top right, etc. are all still there. I have disabled ad blockers, FF/Edge anti-tracking and checked nothing is being blocked by NextDNS. Is there any way I can fix this?
GrimReaper 3850 Posted October 2, 2024 Posted October 2, 2024 34 minutes ago, JohnMason1 said: I am not sure how else I can tell if the web app knows I have Premiere, as all the indications that say e.g. "this setting requires Premiere", "Get Premiere" on the top right, etc. are all still there. If "Get Premiere" banner is still present, your key was likely not validated. You can post server log as it'd show (un)successful validation attempts.
JohnMason1 2 Posted October 2, 2024 Author Posted October 2, 2024 Thanks @GrimReaper. I don't want to post logs publicly as I can see they contain e.g. full directory listings, I can pm someone if that helps. I am looking at the log here, but not sure what I should be looking for. It does not contain the word 'premiere' anywhere, what other keywords can I look for?
GrimReaper 3850 Posted October 2, 2024 Posted October 2, 2024 5 minutes ago, JohnMason1 said: what other keywords can I look for? mb3admin.com
JohnMason1 2 Posted October 2, 2024 Author Posted October 2, 2024 (edited) Great, here are some instances of it (attached) embyserver-mb3admin.txt Edited October 2, 2024 by JohnMason1 Attached log instead of pasting it
GrimReaper 3850 Posted October 2, 2024 Posted October 2, 2024 (edited) Doesn't look like a communication issue as validation is occurring: Quote 2024-10-02 08:49:01.429 Info SecurityManager: Not registered for MBSupporter but it seems that the response from the server is that the key really isn't valid - causes of that might be proxies, VPNs, browser addins etc. that could potentially be interfering/modifying headers. You can go through the steps listed here: My Emby Key Says it is Invalid or Missing If unsuccessful, you can email: Quote billingsupport@emby.media with the account details. Edited October 2, 2024 by GrimReaper
JohnMason1 2 Posted October 2, 2024 Author Posted October 2, 2024 11 minutes ago, GrimReaper said: proxies, VPNs, browser addins Thank you for the pointers. Premiere is recognised from both my phone and my Shield, so we can assume the server knows it's got it and it's something browser specific, as it is happening on two different laptops, one Linux Mint, one Windows, on both Firefox and Edge. I use NextDNS, but I use that at router level, so my phone and the Shield both go through it. I have tried disabling uBlock and the browser anti-tracking protections, with no luck. Knowing the logs 13 minutes ago, GrimReaper said: Info SecurityManager: Not registered for MBSupporter Is this a response received from Emby's server? If so, does it not mean the problem is with Emby's server rather than my end? I will try some more browsers, before emailing billing.
GrimReaper 3850 Posted October 2, 2024 Posted October 2, 2024 14 minutes ago, JohnMason1 said: Is this a response received from Emby's server? It is: Quote 2024-10-02 08:49:01.426 Info HttpClient: Http response 200 from https://mb3admin.com/admin/service/registration/validate after 472ms. 15 minutes ago, JohnMason1 said: If so, does it not mean the problem is with Emby's server rather than my end? Wouldn't think so, it likely means that the key admin server is receiving does not correspond to the one registered in the db. Personally, I'd put my phone on mobile data, create a hotspot, connect either laptop through it and try to validate - you'd narrow down potential points of failure, either router/network setup related or machine/browser related.
ebr 15487 Posted October 2, 2024 Posted October 2, 2024 4 hours ago, JohnMason1 said: it is happening on two different laptops Hi. Where is the server installed? What happens on that machine? The key only needs to be input once - on the server machine. Also be sure you don't have invisible or invalid characters in the key...
JohnMason1 2 Posted October 2, 2024 Author Posted October 2, 2024 1 minute ago, ebr said: Where is the server installed? It's a headless cloud server. 2 minutes ago, ebr said: The key only needs to be input once - on the server machine. Is there a way to directly input the key into the server settings files somewhere? Also, I have entered the key in the mobile and Shield apps, and it's been accepted fine, but clearly this has not translated to the web app. 3 minutes ago, ebr said: invisible or invalid characters in the key. I am directly copying/pasting it from the email they sent me.
ebr 15487 Posted October 2, 2024 Posted October 2, 2024 Just now, JohnMason1 said: Also, I have entered the key in the mobile and Shield apps, and it's been accepted fine The key only needs to be entered once. 1 minute ago, JohnMason1 said: but clearly this has not translated to the web app I still suspect something in the browser. Is there an error in the console?
JohnMason1 2 Posted October 2, 2024 Author Posted October 2, 2024 1 minute ago, ebr said: Is there an error in the console? Good catch, I didn't think of checking there There is this: Content-Security-Policy: The page’s settings blocked the loading of a resource (connect-src) at https://mb3admin.com/admin/service/registration/getStatus because it violates the following directive: “connect-src 'self'” Uncaught (in promise) TypeError: NetworkError when attempting to fetch resource.
ebr 15487 Posted October 2, 2024 Posted October 2, 2024 14 hours ago, JohnMason1 said: The Android apps work perfectly, So you can enter the key using the Android app and there is no issue? If so, you don't need to do it again anywhere else. Does everything work after validating the key properly in the app? @Lukethe last time (4.2.x) there was a similar CSP problem, something was adjusted in the server to address it, I think... 1
Solution JohnMason1 2 Posted October 2, 2024 Author Solution Posted October 2, 2024 Fixed it! The problem was I had just taken Jellyfin's nginx config and used it as a template for Emby. This did not include the necessary Content-Security-Policy header, hence this issue. I just looked up and used the config some other fellow users recommended, and now it works. I still need to research and learn more about this header to make sure I am keeping my server as secure as can be. Here's what the headers section of nginx looks like now, any further advice is always welcome: # Content Security Policy add_header X-Xss-Protection "1; mode=block" always; add_header X-Content-Type-Options "nosniff" always; add_header Strict-Transport-Security "max-age=2592000; includeSubdomains" always; add_header X-Frame-Options "SAMEORIGIN" always; proxy_hide_header X-Powered-By; add_header 'Referrer-Policy' 'no-referrer'; add_header Content-Security-Policy "frame-ancestors mydomain.com emby.mydomain.com;"; 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now