I’m trying to port a web-based Smart TV app to Vega OS by loading it inside a web view. So far it’s been going well, but there’s one major problem: I’m unable to run a DRM-protected video when the web app is started from a local file.
I created a minimal reproducible example app: it renders a web view with a HTML file, and the HTML file loads a Widevine-protected video with Shaka Player. The playback works when I run the file from a remote server, but fails when using the local URL (the app can switch between local and remote variants). The error presented is “EME use is not allowed on unique origins“.
I know it’s a standard browser behavior to block DRM playback when running over file://, but on other Smart TV platforms, like Samsung Tizen or LG webOS, it works normally when an app is packaged. It makes much more sense for a TV app to be self-contained in a single bundle with both HTML and React Native code. While we could switch to hosting our index.html on a remote server as a last resort, this would only work for production/staging releases, giving us no way to build standalone debug versions for internal testing.
Is there a known way to enable DRM playback from a local HTML file, or are there any plans to support it?
Thank you for reaching out and for the detailed explanation of your DRM playback issue with local file serving in your Vega OS web view app.
I appreciate you providing the minimal reproducible example—it really helps us understand the challenge you’re facing with the “EME use is not allowed on unique origins” error when loading Widevine-protected content from local files.
Our team is currently investigating this issue and will provide an update as soon as we have more information.
Thank you for your patience while we investigated this issue.
DRM content playback from file:// URLs is not supported in WebView or any Chromium-based product. Chrome restricts CDM (Content Decryption Module) access from insecure origins, and file:// is considered an insecure origin. This is standard browser security behavior that cannot be bypassed.
Workaround: You can use a React Native player (like Shaka Player) with an onMessage bridge. Load the player from the React Native side when needed, then return to the WebView when playback completes. This works because DRM is called on the RN side instead of from file://.
Note: This workaround has security considerations and should be evaluated carefully for your use case.
We appreciate your detailed bug report and minimal reproducible example - it helped us investigate thoroughly.