Baroshem / nuxt-security

🛡 Automatically configure your app to follow OWASP security patterns and principles by using HTTP Headers and Middleware
https://nuxt-security.vercel.app/
MIT License
743 stars 56 forks source link

Failed to find a valid digest in the 'integrity' attribute for resource with computed SHA-384 integrity. The resource has been blocked. #331

Closed rrubio closed 6 months ago

rrubio commented 6 months ago

Hi Guys,

I'm getting the following message for files "css, js". I'm using NuxtJS3, works on my machine (famous last words lol). But the issue occurs when deployed to the server. Any ideas?

Failed to find a valid digest in the 'integrity' attribute for resource with computed SHA-384 integrity. The resource has been blocked.

These are my settings -

  security: {
    nonce: true,    
    headers: {      
      crossOriginEmbedderPolicy: process.env.NODE_ENV === 'development' ? 'unsafe-none' : 'require-corp',            
      contentSecurityPolicy: {
        "img-src": [
          "'nonce-{{nonce}}'",
          "https://0.0.0.0:8081/",
          "...Other-Domains",
        ],
        "script-src": [
          "'nonce-{{nonce}}'",
          "'strict-dynamic'",
          "https://0.0.0.0:8081/",
          "...Other-Domains",
        ]
      }    
    },
  },

I can also see the "nonce" generated -

[image]

Baroshem commented 6 months ago

Hey Buddy,

Check out this issue as I think it is related to the same subject

https://github.com/Baroshem/nuxt-security/issues/297

rrubio commented 6 months ago

Thank you @Baroshem that fixed the issue. See final setup below -

Basically add 'sri: false'.

  security: {
    hidePoweredBy: true,
    nonce: true,    
    sri: false,
    headers: {      

      contentSecurityPolicy: {
        "img-src": [
          "'nonce-{{nonce}}'",
          "https://0.0.0.0:8081/",
          "https://localhost:8081/",
          "...otherDomains",
        ],
        "script-src": [
          "'nonce-{{nonce}}'",
          "'strict-dynamic'",
          "...otherDomains",
        ]
      },      
    },
  },