Failed to find a valid digest in the 'integrity' attribute for resource #224

Closed
robinboening opened this issue Nov 14, 2015 · 17 comments

@robinboening

I get this error on Heroku (not locally)

Failed to find a valid digest in the 'integrity' attribute for resource 'http://rubyissues.herokuapp.com/assets/rubyissues-dc683ef8d41f45e5fdafceda1a26598f.css' with computed SHA-256 integrity 'vGH6uxiZBXnDr46nPJPx2/V82if1Sij2FDhPgXSk6xI='. The resource has been blocked.

It seems to be similar to this: ember-cli/ember-cli#5040, but I can not fix it by adding an empty integrity attribute to the link tag. (I can see another integrity attribute is added automatically)

I am posting here because I broke the issue down to one of the @import statements in my app.scss:
The @import 'ember-paper'; - When I remove this line it's working.

Seems to be an issue in Chrome only. No problem when using Firefox.

@mike1o1
Contributor

mike1o1 commented Nov 14, 2015

I had a similar issue running in production, and just ended up adding the empty integrity tag to every script and link tag. It resolved it for me. Don't think there's much we can do on our end here.

Here is what my index looks like, and this is working fine for me. Did you add it to all tags?

Note I haven't tested with the latest ember-cli, but this is working for me

<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <title>Client</title>
    <meta name="description" content="">
    <meta name="viewport" content="width=device-width, initial-scale=1">

    {{content-for 'head'}}

    <link rel="stylesheet" href="assets/vendor.css" integrity="">
    <link rel="stylesheet" href="assets/client.css" integrity="">

    {{content-for 'head-footer'}}
  </head>
  <body layout="row">
    {{content-for 'body'}}

    <script src="assets/vendor.js" integrity=""></script>
    <script src="assets/client.js" integrity=""></script>

    {{content-for 'body-footer'}}
  </body>
</html>

@mansona
Collaborator

mansona commented Jan 14, 2016

This issue is probably caused by some encoding problem somewhere in the included files; take a look here to follow the progress of the bug jonathanKingston/ember-cli-sri#5.

The simplest way to "solve" this while we're waiting for it to get fixed is to just remove the "ember-cli-sri": "^1.0.1", line from your package.json and it will no longer add the integrity attribute 👍

@jonathanKingston

@mansona you will have trouble in old Chromes if you don't have >1.1 anyway, as that was actually Chrome's issue. Removing security really isn't a good solution here; please can I ask you not to advocate that. The bug you linked to talks about the issue there.

However all these issues are gone and actually ember-cli-sri is back in the stance of never disabling itself any more as Chrome has a stable implementation of SRI. Can I ask all three of you to ember install ember-cli-sri@2.0.0? Also removing any integrity=""'s from files unless they are generated on the fly (like testem.js)

That way you all get better security and this issue can be closed if it's ok. 😄

@mival

mival commented Feb 11, 2016

I also have this issue. I am using ember-cli 2.3.0-beta.2, ember-paper 0.2.11, ember-cli-sri 2.0.0. Testing in Chrome 48.0.2564.109 Windows/Linux and Firefox 44.0.1 Linux, and the integrity check fails. After disabling ember-paper, the integrity check is working fine. Currently, the only working solution for me is disabling ember-cli-sri.

@jonathanKingston

@mival do you have any other addons installed that might output the shape of your code before publishing?

@mival

mival commented Feb 12, 2016

@jonathanKingston I use new ember-cli generated app and only install ember-paper. Config files attached.

bower.json.txt
package.json.txt

@DanChadwick
Contributor

@jonathanKingston - I have the identical issue, using ember-cli-sri@2.0.0. I removed node_modules, bower_components, dist, and temp; npm and bower cache clean; npm and bower install. The hashes on the .js files are fine, but those on the style sheets are not, in both Firefox 44.0.2 and Chrome 48. Windows 10. I'm wondering if it is related to the sass or less build process. I'm also using ember-table, which uses less. I'm happy to provide any additional data or try any experiments to help diagnose this.

@jonathanKingston

@DanChadwick yeah less and/or sass could be running after sri calculation which certainly would give you a bad time. There has been an update to fix unicode issues but I can't see that solving anything for you. A smaller example would help right now as my time is a little limited. Thanks!

elwayman02 added a commit to elwayman02/ember-data-echonest that referenced this issue Feb 29, 2016

@ehntoo

ehntoo commented Mar 17, 2016

I also hit this issue today. I don't have any dependencies on LESS, so this may be an issue with SASS alone?

For my app, disabling SRI entirely was an acceptable solution, so that's the route I've taken for now. I'd be willing to help test out fixes if anyone else needs a test subject, though.

@JeffreyRuder

I've also run into this issue recently. I likewise disabled SRI since the app is not being used in a production environment.

@MiguelMadero

I got the same today, with the latest of everything and sri#^2.1.0. That's an OS project, see https://github.com/MiguelMadero/ember-cli-bundle-loader-consumer, so it could help as a good test case.

Since this is just a demo, I simply blanked the integrity attribute.

@chbonser
Contributor

I ran into this same issue today (css files fail for SRI check in any browser when using ember cli 2.4 and ember paper). Here is what I discovered...

ember-paper runs autoprefixer in a postprocessTree hook. ember-cli-sri runs its magic in the same hook. Because ember-cli-sri was before ember-paper in my package.json, sri runs before autoprefixer. Oops.

As a short-term fix, rather than blank the integrity attribute you can move ember-paper before ember-cli-sri in your package.json.

I'll submit a PR shortly to ensure that ember-paper installs after ember-cli-sri so that the package.json order doesn't matter.
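
The ordering problem described in the comment above, as an added example that is not part of the thread or of either addon's code: a digest taken before a later CSS rewrite no longer matches the shipped file, and a post-build check catches it. `prefixCss`, `build`, `findMismatches` and the sample CSS are constructed for illustration.

```javascript
// Added example, not code from ember-paper or ember-cli-sri. prefixCss is a
// hypothetical stand-in for autoprefixer; CSS and file names are constructed.
const { createHash } = require('crypto');

const ALGOS = ['sha256', 'sha384', 'sha512']; // weakest to strongest
const APP_CSS = 'assets/app.css';

// SRI token for some bytes, e.g. "sha256-<base64 digest>".
const sri = (content, algo = 'sha256') =>
  `${algo}-${createHash(algo).update(content).digest('base64')}`;

// Any step that rewrites the file invalidates a digest taken before it.
const prefixCss = (css) =>
  css.replace(/user-select:([^;}]+);/g, '-webkit-user-select:$1;user-select:$1;');

// Two steps sharing one build hook, run in the order given.
const steps = {
  sri: (b) => ({
    ...b,
    html: `<link rel="stylesheet" href="${APP_CSS}" integrity="${sri(b.files[APP_CSS])}">`,
  }),
  prefix: (b) => ({ ...b, files: { [APP_CSS]: prefixCss(b.files[APP_CSS]) } }),
};
const build = (css, order) =>
  order.reduce((b, name) => steps[name](b), { html: '', files: { [APP_CSS]: css } });

// Post-build check: recompute each digest the way a browser would and return
// the URLs whose integrity attribute does not match the shipped bytes.
function findMismatches({ html, files }) {
  const bad = [];
  for (const [tag] of html.matchAll(/<(?:link|script)\b[^>]*>/g)) {
    const url = (tag.match(/\b(?:href|src)="([^"]*)"/) || [])[1];
    const integrity = (tag.match(/\bintegrity="([^"]*)"/) || [])[1];
    if (!url || !integrity) continue; // absent or empty: SRI not enforced
    const tokens = integrity.trim().split(/\s+/)
      .filter((t) => ALGOS.includes(t.split('-')[0]));
    if (!tokens.length) continue; // no usable digest: not enforced either
    // Browsers compare only against the strongest algorithm listed.
    const best = ALGOS[Math.max(...tokens.map((t) => ALGOS.indexOf(t.split('-')[0])))];
    const ok = url in files && tokens.some((t) => t === sri(files[url], best));
    if (!ok) bad.push(url);
  }
  return bad;
}

const css = '.md-button{user-select:none;}'; // constructed sample
console.log(findMismatches(build(css, ['sri', 'prefix']))); // SRI runs first
console.log(findMismatches(build(css, ['prefix', 'sri']))); // SRI runs last
```

Running the same check over the real `dist/` output in CI flags a mis-ordered build before a browser blocks the stylesheet, without blanking the `integrity` attribute.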

@DanChadwick
Contributor

@chbonser: Awesome! Can you submit the PR against branch wip/v1.0.1, where development is focused?

@chbonser
Contributor

@DanChadwick did you mean wip/v1.0.0?

@DanChadwick
Contributor

DanChadwick commented Apr 14, 2016

@chbonser: Just planning ahead. 😜 Yes.

@chbonser
Contributor

See PR #337. The build failed but it doesn't look like something that I caused. Please let me know if you need anything else from me.

@miguelcobain
Owner

Closed by #337
