search

jonathanKingston / ember-cli-sri

Generation of SRI hashes for ember
MIT License
48 stars 15 forks source link

Chrome 45 throwing error about vendor.js integrity #6

Closed toranb closed 8 years ago

toranb commented 8 years ago

Failed to find a valid digest in the 'integrity' attribute for resource 'http://localhost:7357/assets/vendor.js' with computed SHA-256

I noticed the canary issue (currently open) asked that another issue be opened for anything else. I've done the testem.js workaround but this vendor.js issue just pop'd up today.

I've ember installed this addon w/ the following config

    var app = new EmberApp({
        'SRI': {
          crossorigin: 'anonymous'
        }
    })

Also -I'm running ember-cli 1.13.8 / and ember 2.0.1

If I've configured this wrong / incorrect / don't have a clue please help me so I can help others :)

jonathanKingston commented 8 years ago

@toranb are you using moment.js by any chance or a file with lots of non-ascii unicode in?

jonathanKingston commented 8 years ago

@toranb I think this is the same as #5 which I am looking into (My hunch is it's an issue in moment or Chrome at the moment as two libs are giving the same SRI results)

toranb commented 8 years ago

@jonathanKingston thanks dude! Just glad someone is helping solve this :)

jonathanKingston commented 8 years ago

@toranb if you get chance would you be able to check out: https://github.com/jonathanKingston/sri-encoding-issue an see if the issue happens there too.

I wasn't aware 45 had SRI yet in stable; can you print your console output for both the test above and ember? Does your code have moment.js in it?

Thanks again.

dandehavilland commented 8 years ago

I'm also experiencing the same problem with Chrome 45 (45.0.2454.85 (64-bit), Mac).

I am indeed using moment.js, specifically v2.9.0 moment-with-locales.min.js.

From my app:

Failed to find a valid digest in the 'integrity' attribute for resource 'https://[redacted]/assets/vendor-adcde4ac6247f27783e491572b268d24.js' with computed SHA-256 integrity 'YW8SFkRjqji9w6VlMG3yW1vrw7FQaQvJr1nd3TxymMM='. The resource has been blocked.
dashboard-82d5f4f4ab786c8d4a25af44768bf791.js:1 Uncaught ReferenceError: define is not defined(anonymous function) @ dashboard-82d5f4f4ab786c8d4a25af44768bf791.js:1

From sri-encoding-issue, localhost:3000:

Failed to find a valid digest in the 'integrity' attribute for resource 'http://localhost:3000/moment.js' with computed SHA-256 integrity 'OFz2p6K3cxLuaT8YLCO4wAh7r-EX52k3383K3fo0HBU='. The resource has been blocked.

localhost:3000/part:

Failed to find a valid digest in the 'integrity' attribute for resource 'http://localhost:3000/part2.js' with computed SHA-256 integrity 'MMKqeXNaB9Plntd34uwsBe3iDjjWckkj8yUSa_rHVfY='. The resource has been blocked.
lardawge commented 8 years ago

This is a pretty big deal. Two of our sites just gave us the white screen of death.

Took out out momentjs and still have the issue.

Workaround for now is to remove ember-cli-sri...

We have an app running on Ember 2.0 that uses moment and has no issue.

jonathanKingston commented 8 years ago

@lardawge are you using moment with locales? as that is the version that is causing the issue.

Rather than remove you can disable SRI which is slightly more convenient.

This is a pretty big deal. Two of our sites just gave us the white screen of death.

Yup doing more research into the issue right now; as mentioned in issue #5 I have filed a Chrome bug report as my current thinking is that the issue is with the libs that have these characters / Chrome itself. However the bug could also be with OpenSSL so still looking into this. https://code.google.com/p/chromium/issues/detail?can=2&q=SRI&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Cr%20Status%20Owner%20Summary%20OS%20Modified&id=527286&thanks=527286&ts=1441162021

I'm closing this in favour of #5 as the duplicate issue isn't helping here.