Jump to content

Emby on Android 7.0 Nougat does not work. (Fails CSP)


kenetik

Recommended Posts

kenetik

Summary: The Emby Android app is no longer working on Android 7.0 Nougat due to webview's Content Security Policy.

 

Device: Nexus 6P

 

Android Build: 7.0 NRD90M (Factory Image

 

Video: YouTube Link

 

Android App Log:

11:36:03.190 [main] INFO  App - Searching for com.google.android.webview
11:36:03.194 [main] INFO  App - com.google.android.webview version name: 52.0.2743.98
11:36:03.195 [main] INFO  App - com.google.android.webview version code: 275609850
11:36:03.195 [main] INFO  App - Parsing 52 to determine chromium version
11:36:03.196 [main] INFO  App - Chromium version: 52
11:36:03.407 [main] DEBUG App - AndroidSyncFileRepository started. syncPath: /storage/emulated/0/Android/data/com.mb.android/files/sync
11:36:03.539 [main] INFO  App - Searching for com.google.android.webview
11:36:03.540 [main] INFO  App - com.google.android.webview version name: 52.0.2743.98
11:36:03.542 [main] INFO  App - com.google.android.webview version code: 275609850
11:36:03.543 [main] INFO  App - Parsing 52 to determine chromium version
11:36:03.544 [main] INFO  App - Chromium version: 52
11:36:03.545 [main] DEBUG App - Calling MediaSyncAdapter.updateSyncPreferences. syncPath: null
11:36:03.862 [main] INFO  App - file:///android_asset/www/index.html: Line 1 : Refused to load the image 'file:///android_asset/www/touchicon.png' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.863 [main] INFO  App - file:///android_asset/www/index.html: Line 1 : Refused to load the image 'file:///android_asset/www/touchicon72.png' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.868 [main] INFO  App - file:///android_asset/www/index.html: Line 1 : Refused to load the image 'file:///android_asset/www/touchicon114.png' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.869 [main] INFO  App - file:///android_asset/www/index.html: Line 1 : Refused to load the image 'file:///android_asset/www/css/images/favicon.ico' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.870 [main] INFO  App - file:///android_asset/www/index.html: Line 1 : Refused to load the stylesheet 'file:///android_asset/www/css/all.css' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.880 [main] INFO  App - file:///android_asset/www/index.html: Line 0 : Refused to load the script 'file:///android_asset/www/cordova.js' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.882 [main] INFO  App - file:///android_asset/www/index.html: Line 0 : Refused to load the script 'file:///android_asset/www/bower_components/requirejs/require.js' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.884 [main] INFO  App - file:///android_asset/www/index.html: Line 0 : Refused to load the script 'file:///android_asset/www/scripts/site.js' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'script-src' was not explicitly set, so 'default-src' is used as a fallback.

11:36:03.894 [main] INFO  App - file:///android_asset/www/index.html: Line 0 : Refused to load the image 'file:///android_asset/www/css/images/favicon.ico' because it violates the following Content Security Policy directive: "default-src * 'unsafe-inline' 'unsafe-eval' data: filesystem:". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
  • Like 1
Link to comment
Share on other sites

kenetik

Thanks for the report.

 

You're lightning fast man!

 

Doubt any other users will experience the error, but, I believe these Security Policies will start being enforced in newer versions of Chrome's WebView.

Link to comment
Share on other sites

Probably webview + nougat. I've got 53 right now and haven't seen that, but maybe I will once the OS is updated.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...