Encoding mismatch

[jonathanKingston]

As @Keeo raised here: https://github.com/jonathanKingston/ember-cli-sri/issues/4#issuecomment-136375407

That was pain to find but I finally got it. Project was indeed poisoned with win-1250 encoding, but fixing that doesn't fixed the problem for me. After diffing my project with clean one I found out that problem is causing moment library included with locales. I made clean repository showcasing this issue.

The output I am getting for ember build --env=production are:

    <link rel="stylesheet" href="assets/vendor-d41d8cd98f00b204e9800998ecf8427e.css" integrity="sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= sha512-z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==" >
    <link rel="stylesheet" href="assets/ember-sri-moment-d41d8cd98f00b204e9800998ecf8427e.css" integrity="sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= sha512-z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5H0NE8XYXysP+DGNKHfuwvY7kxvUdBeoGlODJ6+SfaPg==" >
    <script src="assets/vendor-5421a7c30be1d14a5e49b2d44cd3e97f.js" integrity="sha256-WBl68hmGSYWBjMr7TTsGZi+9v8AGh/HVpwIXFmYxZO4= sha512-w7zjbLkStuQs9a+mRoATDaB9nmEiAnBiGeQ9X5RoYPV34dqcHArOYC/R+7DbY00oa5iRNrzl6JBqbUNwnIXETw==" ></script>
    <script src="assets/ember-sri-moment-ecff39730d01a0a7cc2dcf965387beab.js" integrity="sha256-G3oh7BewjqPE3eyuUqY4bCEDPOGt/AMKe8Of/9a+OYA= sha512-7psoL36Ppc+R279evAFZyE5EG05zbluT6h9psIc/4myamOUnbItLYh42s8AqlIIscxM7l0poL6TLDr3hJiAhng==" ></script>

This seems to be ok when comparing it to the toolbox I use which means there isn't a race condition in play here.

In Chrome 46 Linux this however fails too (reopening as a new issue as I think its likely fairly serious).

[jonathanKingston]

@SlexAxton I think this is similar to what you were seeing. I have a hunch that because the app isn't always sending the UTF8 encoding in the headers Chrome isn't picking that up (trying to fix in express first).

However I think @metromoxie might find this an interesting test case (I have kept the issue from you without a simple reproducible test case that you can dismiss or accept).

Replication steps:

• git clone git@github.com:Keeo/ember-sri-moment.git
• cd ember-sri-moment; npm install; bower install; ember serve --env=production
• Use latest Chrome to check SRI;

[jonathanKingston]

Forcing the Content-type encoding doesn't fix this issue as I thought it might :(. Adding in charset="UTF-8" into the tag didn't help either.

[jonathanKingston]

'জানুয়ারী_ফেবুয়ারী_মার্চ_এপ্রিল_মে_জুন_জুলাই_অগাস্ট_সেপ্টেম্বর'

'য়া'

[jonathanKingston]

This is a simpler reproduction of the issue:

https://github.com/jonathanKingston/sri-encoding-issue

From what I can see this is an issue with Chrome however will contact the core Chrome team to confirm.

[jonathanKingston]

Chrome issue filed: https://code.google.com/p/chromium/issues/detail?id=527286

[jonathanKingston]

This code in the repository that does the work (broccoli-sri-hash) should fix it: https://github.com/jonathanKingston/broccoli-sri-hash/commit/95c8842c84c0451b3838694cb41d17781de1a4bc

Hesitant to push without more testing; however people are welcome to check. It should just turn off SRI for non ascii files.

[Keeo]

:+1: It works for me.

[jonathanKingston]

@Keeo thanks so much for checking.

v1.1.0 has now been published which should fix this along with the gzip issue fixed by @taylon

[lardawge]

:+1: 1.1.0 is working. Thanks!

[jonathanKingston]

This issue will remain open until the hack can be removed as all it is doing is turning off potentially offending code.

Thank you for confirming @lardawge

[jerel]

Fwiw I installed v1.1.0 and still got an SRI error in Chrome 45 in testing mode. Removing this addon fixed it and I haven't had time to look further into it.

[jonathanKingston]

@jerel your issue is #2 which @stefanpenner kindly solved within Ember: https://github.com/ember-cli/ember-cli/pull/4796

[amkirwan]

v1.1.0 fixes the integrity check problems I was having in Chrome 45 :+1:

[stefanpenner]

@BrianTMaurer it looks like the chrome guys are working on a fix.

[BrianTMaurer]

@stefanpenner Thanks, is there a suggested quick fix to turn off SRI on vendor.js or something?

[stefanpenner]

@BrianTMaurer you can uninstall the addon.

[jonathanKingston]

It turns itself off if its on the latest version?

On Fri, Sep 18, 2015 at 4:10 PM Stefan Penner notifications@github.com wrote:

@BrianTMaurer https://github.com/BrianTMaurer you can uninstall the addon.

— Reply to this email directly or view it on GitHub https://github.com/jonathanKingston/ember-cli-sri/issues/5#issuecomment-141478934 .

[elwayman02]

v1.1.0 does not fix this issue for me, @jonathanKingston. Any advice?

[jonathanKingston]

@elwayman02 what is the error you are getting. Sorry for the delay?

[jonathanKingston]

This should no longer be an issue. Chrome fixed the issue etc please let me know if other issues are happening etc.

[benoror]

@jonathanKingston just wanted to warn I had a similar issue with a CSS (ember-bootstrap) resource: https://github.com/poetic/ember-cli-github-pages/issues/45

Chrome Version 49.0.2623.39 beta-m (64-bit)

Fixed it by bypassing integrity check,

[jonathanKingston]

@benoror any issue with Firefox? This basically shouldn't happen ever... are you able to set it up again on a sub domain or example url etc?

[benoror]

@jonathanKingston I couldn't reproduce the issue in a separate repo:

• http://benoror.com/test_ember-cli_bootstrap_gh-pages/
• https://github.com/benoror/test_ember-cli_bootstrap_gh-pages/commits/master

However I was able to reproduce the issue in my main repo by removin integrity="" stuff:

• http://benoror.com
• https://github.com/benoror/benoror.github.io/commit/c21a3f241a62614c0f03fb3d144d41b14c609625

I will keep it broken until you can take a look, let me know if there's something else I can do to help.

Disclaimer: I am new to Ember.js development, there's a big chance I'm screwing it somewhere else, anyway it felt right to report it :see_no_evil:

Cheers!

[jonathanKingston]

@benoror this isn't the same issue certainly as the one mentioned in this issue... I can reproduce it in Firefox which likely means the files hash is wrong.

Feel free to put it back now to fix your site haha (I'm seeing a broken <div id="content"? in the source also)! It's a little late here so can't dig much further. However as a rule any manipulation of the JS files after ember has been built will cause this issue, so look out for scripts that mess with whitespace in any shape or form.

Thanks for checking this out and making a reproduction case also!

[benoror]

@jonathanKingston no prob! sorry for the noise, good night! :night_with_stars:

[jonathanKingston]

Humour me could you try adding it back in now the HTML is fixed, I'm wondering if HTML's error correction was breaking it.

[benoror]

sure, done, still failing :astonished:

[jonathanKingston]

Nevermind was worth a thought. How are you deploying that code to github? I just downloaded the raw file served by github and used the underlying code of this library and it results in a different hash output... so something is different with the code before it hits the server I think.

[benoror]

https://github.com/poetic/ember-cli-github-pages

On Tue, Feb 9, 2016, 19:35 Jonathan Kingston notifications@github.com wrote:

Nevermind was worth a thought. How are you deploying that code to github? I just downloaded the raw file served by github and used the underlying code of this library and it results in a different hash output... so something is different with the code before it hits the server I think.

— Reply to this email directly or view it on GitHub https://github.com/jonathanKingston/ember-cli-sri/issues/5#issuecomment-182161749 .

Sent from my phone (sorry for possible typos) Benjamin Orozco - benoror.com

[jonathanKingston]

Hmm looks fine :/

[ColtonProvias]

The issue was happening here and seemed to be random, so here's what I did to fix it (for anybody else Googling this). Google Chrome 50.0.2661.102 (64-bit) on Mac OS X 10.11.6 Beta.

ember-cli-sri appears to calculate the SHA256 and SHA512 hashes just fine but randomly Chrome seems to throw a fit about integrity checking. Out of curiosity I downloaded a local copy from ember server of the problem file and the version being served. What I noticed was that in the local copy from Ember some comments were still preserved from ember-cli-uglify, whereas the production file causing the issue was missing them. I'm using CloudFlare as a proxy, which was configured to further minify source files.

Solution for CloudFlare users: Turn off the minifying on CloudFlare and purge the cache. This should fix the integrity issue.

[bpang]

ColtonProvias- I came upon the same solution today as well. I replicated the issue in Chrome, FireFox, and Safari. At first I tested by putting cloudflare into dev mode and things were fine. Turning cloudflare caching back on and turning off cloudflare minification for js resolved the issue. An ember build --environment=production already should minify the js anyway. I didn't see the same issue in our staging environment since SRI is not active.