Jump to content

Recommended Posts

Posted

Summary: The Emby Android app is no longer working on Android 7.0 Nougat due to webview's Content Security Policy.

 

Device: Nexus 6P

 

Android Build: 7.0 NRD90M (Factory Image

 

Video: YouTube Link

 

Android App Log:

11:36:03.190 [main] INFO  App - Searching for com.google.android.webview
11:36:03.194 [main] INFO  App - com.google.android.webview version name: 52.0.2743.98
11:36:03.195 [main] INFO  App - com.google.android.webview version code: 275609850
11:36:03.195 [main] INFO  App - Parsing 52 to determine chromium version
11:36:03.196 [main] INFO  App - Chromium version: 52
11:36:03.407 [main] DEBUG App - AndroidSyncFileRepository started. syncPath: /storage/emulated/0/Android/data/com.mb.android/files/sync
11:36:03.539 [main] INFO  App - Searching for com.google.android.webview
11:36:03.540 [main] INFO  App - com.google.android.webview version name: 52.0.2743.98
11:36:03.542 [main] INFO  App - com.google.android.webview version code: 275609850
11:36:03.543 [main] INFO  App - Parsing 52 to determine chromium version
11:36:03.544 [main] INFO  App - Chromium version: 52
11:36:03.545 [main] DEBUG App - Calling MediaSyncAdapter.updateSyncPreferences. syncPath: null
11:36:03.862 [main] INFO  App - file:///android_asset/www/index.html: Line 1 : Refused to load the image 'file:///android_asset/www/touchicon.png' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.863 [main] INFO  App - file:///android_asset/www/index.html: Line 1 : Refused to load the image 'file:///android_asset/www/touchicon72.png' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.868 [main] INFO  App - file:///android_asset/www/index.html: Line 1 : Refused to load the image 'file:///android_asset/www/touchicon114.png' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.869 [main] INFO  App - file:///android_asset/www/index.html: Line 1 : Refused to load the image 'file:///android_asset/www/css/images/favicon.ico' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.870 [main] INFO  App - file:///android_asset/www/index.html: Line 1 : Refused to load the stylesheet 'file:///android_asset/www/css/all.css' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.880 [main] INFO  App - file:///android_asset/www/index.html: Line 0 : Refused to load the script 'file:///android_asset/www/cordova.js' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.882 [main] INFO  App - file:///android_asset/www/index.html: Line 0 : Refused to load the script 'file:///android_asset/www/bower_components/requirejs/require.js' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.884 [main] INFO  App - file:///android_asset/www/index.html: Line 0 : Refused to load the script 'file:///android_asset/www/scripts/site.js' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.894 [main] INFO  App - file:///android_asset/www/index.html: Line 0 : Refused to load the image 'file:///android_asset/www/css/images/favicon.ico' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
  • Like 1
Posted

Thanks for the report.

  • Like 1
Posted

Eh, I was able to get around this by disabling 'Chrome Dev' as the WebView Implementation in Developer Options.

Posted

Thanks for the report.

 

You're lightning fast man!

 

Doubt any other users will experience the error, but, I believe these Security Policies will start being enforced in newer versions of Chrome's WebView.

Posted

Probably webview + nougat. I've got 53 right now and haven't seen that, but maybe I will once the OS is updated.

Posted

 

Summary: The Emby Android app is no longer working on Android 7.0 Nougat due to webview's Content Security Policy.

 

Device: Nexus 6P

 

 

Still waiting for Nougat to arrive on my Nexus 6 :(

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...