Integrity hash failing

[ghost]

I am getting the already mentioned issue , in Chrome (Version 50.0.2661.86 (64-bit) Safari (Version 9.1 (11601.5.17.1)) Firefox (41.0.1) I get a white page , and in the console :

Failed to find a valid digest in the 'integrity' attribute for resource
'https://www.my-orientation.com/assets/vendor-3490848894f35dc09a765bd6d92c451d.js'
with computed SHA-256 integrity 'CEWiFoCoI5mT8LnEhhETXdTArxMyLvhThCtMTVrylUg='.
The resource has been blocked.

my environment ember-cli: 2.5.0 node: 5.10.1 os: darwin x64

using

` "ember-cli-deploy": "0.6.1", "ember-cli-deploy-build": "0.1.1", "ember-cli-deploy-display-revisions": "0.2.1", "ember-cli-deploy-gzip": "0.2.3", "ember-cli-deploy-revision-data": "0.2.1", "ember-cli-deploy-rsync": "0.0.4", "ember-cli-deploy-ssh-index": "0.2.2",

"ember-cli-sri": "^2.1.0",

`

When I disable SRI

SRI: {
  enabled: false
}

and transfer the code via scp , it's running fine ...

[stefanpenner]

@erwin16 i suspect something i modifying the file, breaking the SRI constraint.

[jamesarosen]

Later: I just found #18, which seems to be my issue.

I'm experiencing this as well and have narrowed it down to the following.

When I run ember build --environment=production, I get the following in my index.html:

<script src='assets/tango-e3ee3d89974185f03be7c22441f123c3.js'></script>

When I make some changes to my config/environment.js, I get the following instead:

<script src='assets/tango-86339726c6eb7751172b46139d440d4f.js' integrity="sha256-B3zGg4+XDaioXj4HaP+q/TKttRiLc0Vmz+XNI2/v9uw= sha512-HUXEjTVjim0+8C4YHHss0ed7xtTGoJ2QVYtg543HHHyzTzcAmlG0i4G3sW5Y60BopybswsIZ3umLTQdDArxCmg==" ></script>

The only changes are

// BEFORE, working:
var ENV = {
  ...
  baseURL: '/canary/',
  ...
};

// AFTER, broken:
var ENV = {
  ... // no baseURL
};

That is, removing baseURL causes this library to start adding integrity to the app.js <script> tag. Not to any of the other tags, though.

[bdougie]

I am having trouble following along. I add the below to my ember-cli-build, but not sure the implications of setting SRI.enabled to false -- All my assets are local and I not using anything 3rd party

This

 var app = new EmberApp(defaults, {
    SRI: {
      enabled: false,
    },
  });

[Cryrivers]

hi i can confirm this issue is still happening. any further investigation needed?

[abbasovalex]

It seems, I have the same problem. My steps are:

1. Remove dist folder
2. Run ember build --prod
3. Open index.html and see the value of integrity attribute
4. Run cat dist/assets/my_filename | openssl dgst -sha256 -binary | openssl enc -base64 -A
5. Compare result => they are different.
6. Upload my app to Chrome Store
7. Compare from Crome console after approve and my => they are identical (Chrome calculate the same value as me)

[grounded-warrior]

I am still getting this as well with ember-cli-sri: ^2.1.0 and ember-cli: 2.11

[mlb5000]

I can confirm that this is still an issue with ^2.1.0 and Ember CLI 2.16.2. Building normally using ember build --prod and deploying to Azure does not work (integrity failures). However if I run the step number 4 from @abbasovalex's comment and update the originally generated index.html to the new hash value it works fine.

Either something changed with the hash generation process itself that needs to be updated, or something else is modifying the tree after the SLI hash is generated. Unfortunately you can't observe the entire build pipeline with Ember-CLI in order to see order in which plugins are executed...