kenetik 1 Posted August 23, 2016 Posted August 23, 2016 Summary: The Emby Android app is no longer working on Android 7.0 Nougat due to webview's Content Security Policy. Device: Nexus 6P Android Build: 7.0 NRD90M (Factory Image) Video: YouTube Link Android App Log: 11:36:03.190 [main] INFO App - Searching for com.google.android.webview 11:36:03.194 [main] INFO App - com.google.android.webview version name: 52.0.2743.98 11:36:03.195 [main] INFO App - com.google.android.webview version code: 275609850 11:36:03.195 [main] INFO App - Parsing 52 to determine chromium version 11:36:03.196 [main] INFO App - Chromium version: 52 11:36:03.407 [main] DEBUG App - AndroidSyncFileRepository started. syncPath: /storage/emulated/0/Android/data/com.mb.android/files/sync 11:36:03.539 [main] INFO App - Searching for com.google.android.webview 11:36:03.540 [main] INFO App - com.google.android.webview version name: 52.0.2743.98 11:36:03.542 [main] INFO App - com.google.android.webview version code: 275609850 11:36:03.543 [main] INFO App - Parsing 52 to determine chromium version 11:36:03.544 [main] INFO App - Chromium version: 52 11:36:03.545 [main] DEBUG App - Calling MediaSyncAdapter.updateSyncPreferences. syncPath: null 11:36:03.862 [main] INFO App - file:///android_asset/www/index.html: Line 1 : Refused to load the image 'file:///android_asset/www/touchicon.png' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback. 11:36:03.863 [main] INFO App - file:///android_asset/www/index.html: Line 1 : Refused to load the image 'file:///android_asset/www/touchicon72.png' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback. 11:36:03.868 [main] INFO App - file:///android_asset/www/index.html: Line 1 : Refused to load the image 'file:///android_asset/www/touchicon114.png' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback. 11:36:03.869 [main] INFO App - file:///android_asset/www/index.html: Line 1 : Refused to load the image 'file:///android_asset/www/css/images/favicon.ico' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback. 11:36:03.870 [main] INFO App - file:///android_asset/www/index.html: Line 1 : Refused to load the stylesheet 'file:///android_asset/www/css/all.css' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback. 11:36:03.880 [main] INFO App - file:///android_asset/www/index.html: Line 0 : Refused to load the script 'file:///android_asset/www/cordova.js' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. 11:36:03.882 [main] INFO App - file:///android_asset/www/index.html: Line 0 : Refused to load the script 'file:///android_asset/www/bower_components/requirejs/require.js' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. 11:36:03.884 [main] INFO App - file:///android_asset/www/index.html: Line 0 : Refused to load the script 'file:///android_asset/www/scripts/site.js' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback. 11:36:03.894 [main] INFO App - file:///android_asset/www/index.html: Line 0 : Refused to load the image 'file:///android_asset/www/css/images/favicon.ico' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback. 1
kenetik 1 Posted August 23, 2016 Author Posted August 23, 2016 Eh, I was able to get around this by disabling 'Chrome Dev' as the WebView Implementation in Developer Options.
kenetik 1 Posted August 23, 2016 Author Posted August 23, 2016 Thanks for the report. You're lightning fast man! Doubt any other users will experience the error, but, I believe these Security Policies will start being enforced in newer versions of Chrome's WebView.
Luke 38818 Posted August 23, 2016 Posted August 23, 2016 Probably webview + nougat. I've got 53 right now and haven't seen that, but maybe I will once the OS is updated.
CBers 6959 Posted August 23, 2016 Posted August 23, 2016 Summary: The Emby Android app is no longer working on Android 7.0 Nougat due to webview's Content Security Policy. Device: Nexus 6P Still waiting for Nougat to arrive on my Nexus 6
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now