15

I have an Ember.js application which has been deployed, and in the Google Chrome browser I'm getting the following errors for 2 of the .js files.

Failed to find a valid digest in the 'integrity' attribute for resource 'http://staging.org.com/assets/vendor-0ada2c9fb4d3e07ad2f0c6a990945270.js' with computed SHA-256 integrity 'Sb4Xc/Oub27QW0MKlqK0sbq0Mm476jU7MgJaCzd/gKk='. The resource has been blocked

When I inspect the file I can see script tags for the two .js files in question. I'm not 100% sure how this integrity check works. You can see the integrity attribute below with the SHAs.

<script src="/assets/vendor-0ada2c9fb4d3e07ad2f0c6a990945270.js" integrity="sha256-s3XY9h9v9IThygF6UkWRvWZsf7zeTqYJ1rLfDgg1bS0= sha512-k3lfqdeZw3OcsECfD3t99Hidh6IoRlFSoIu5nJk0FkLYHwx0q/rddirj4jh4J73dmLwKfG9mx0U5Zf6ZzRBsvA==" ></script>
<script src="/assets/g-web-56670cf0485cf52f54589091e2a25cc8.js" integrity="sha256-jNmWqO61OPijscQ5cHVSbB1Ms5wKX78ZACYdhrUo3X4= sha512-oiksgRFsqgHaCvXPvd3SAsUuX4zPeVClQBIgrOgIKNBMa3hPqCHknoFqDGRtSyfN4EdIkfk/x1zSqBqRvONAGQ==" ></script>

The Ember.js application is built using a Docker image, deployed to Kubernetes, and an AWS ELB running HAProxy is handling the routing for this application such that when I navigate to staging.x.com it routes to the internal DNS in Kubernetes of this service (Ember.js web app).

What's interesting to note:

  1. Running ember serve locally works and the application loads fine.
  2. Building and running the Docker image locally works and the application loads fine.

The issue is only occurring on my deployed staging environment.

Kay
  • I am having the same issue with a Blazor app deployed to our testing environ. Let me know if you resolved this. Thanks! – Andrew Borst Jun 25 '20 at 14:22
  • @AndrewBorst I solved it, it had something to do with haproxy settings. I removed some unnecessary things in haproxy which happened to be conflicting with serving of the static content, causing this integrity fail. – Kay Jun 25 '20 at 14:29
  • Anybody else having pain with this: make sure character encoding is what you'd expect it to be on the front end. I know at least MS products like Azure like to apply their own if CE isn't specified, even though JS should probably be UTF-8 by default. – Erik Reppen Sep 18 '20 at 20:58

2 Answers

8

I got this error when deploying a Blazor WebAssembly app.

Failed to find a valid digest in the 'integrity' attribute for resource

And then it showed several NuGets. Manually deleted all bin and obj folders in the solution and then redeployed. After this everything worked.

https://github.com/dotnet/aspnetcore/issues/28692#issuecomment-783333400

Ogglas
4

Ember uses Subresource Integrity (SRI) by default to increase the security of applications built with the framework.

The Mozilla Development Network has a good explanation of SRI:

Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.

The hash described there is generated and injected into the index.html at build time of the Ember application. If any part of your stack (deployment, web server, proxy etc.) modifies the file, the hash in index.html won't match the hash of the served file anymore. The browser will therefore block the execution of that asset and throw the error you mentioned in your question instead.

The documentation of ember-cli-sri, which provides the integration in the Ember build pipeline, warns about that:

In code that uses SRI, you MUST NOT tamper with the built output JavaScript files as code will not load.

Leniel Maccaferri
jelhan
  • Helped me resolve a problem where I hand-edited an HTML file on the web server, which broke the PWA application. The browser blocked the page from fetching resources because the page hash was invalid. +1 – Yogi May 15 '21 at 08:38
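
The comparison described in the answer above can be replayed offline to find which layer changes the file. The following Node.js script is an added example, not code from the original posts or from ember-cli-sri. The function names and the sample asset bytes are constructed for illustration. It applies the SRI rule that only the strongest algorithm listed in the attribute is checked.

```javascript
// Added example: replay the browser's Subresource Integrity decision on raw bytes.
const { createHash } = require('crypto');

// Strongest listed algorithm wins; weaker hashes in the attribute are then ignored.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Split an integrity attribute into {alg, digest} entries, dropping unknown tokens.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((token) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+\/=_-]+)(\?.*)?$/.exec(token);
    return m ? { alg: m[1], digest: m[2] } : null;
  }).filter(Boolean);
}

// Base64 digest of the exact bytes, in the form used inside the attribute.
function sriDigest(alg, bytes) {
  return createHash(alg).update(bytes).digest('base64');
}

// Decide whether these bytes would pass the integrity attribute.
function checkSri(attr, bytes) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return { ok: true, alg: null, computed: null }; // nothing to enforce
  const alg = entries.reduce((a, b) => (STRENGTH[b.alg] > STRENGTH[a.alg] ? b : a)).alg;
  const computed = sriDigest(alg, bytes);
  const ok = entries.some((e) => e.alg === alg && e.digest === computed);
  return { ok, alg, computed };
}

// Constructed sample: one "built" asset and three ways it might arrive at the browser.
function demo() {
  const built = Buffer.from('console.log("café");\n', 'utf8');
  const attr = `sha256-${sriDigest('sha256', built)} sha512-${sriDigest('sha512', built)}`;
  const served = {
    unchanged: built,                                          // byte-for-byte build output
    reencoded: Buffer.from(built.toString('utf8'), 'latin1'), // charset changed in transit
    rewritten: Buffer.concat([built, Buffer.from('/* added by a proxy */\n')]),
  };
  const result = {};
  for (const [hop, bytes] of Object.entries(served)) result[hop] = checkSri(attr, bytes).ok;
  return result;
}

console.log(demo()); // compare each hop's verdict to find the layer that alters the file
```

On a real deployment, pass `checkSri` the integrity attribute from index.html together with the bytes of the file as built and as fetched through each hop (for example straight from the pod, then through the load balancer); the first hop that returns `ok: false` is the one modifying the asset.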