Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Failed to find a valid digest in the 'integrity' attribute for resource on a deployed emberjs application

I have an emberjs application which has been deployed and in google chrome browser im getting the following errors for 2 of the .js files.

Failed to find a valid digest in the 'integrity' attribute for resource 'http://staging.org.com/assets/vendor-0ada2c9fb4d3e07ad2f0c6a990945270.js' with computed SHA-256 integrity 'Sb4Xc/Oub27QW0MKlqK0sbq0Mm476jU7MgJaCzd/gKk='. The resource has been blocked

When i inspect the file i can see script tags for the two .js files in question. I'm not 100% sure how this integrity check works. You can see the integrity attribute below with the sha's.

<script src="/assets/vendor-0ada2c9fb4d3e07ad2f0c6a990945270.js" integrity="sha256-s3XY9h9v9IThygF6UkWRvWZsf7zeTqYJ1rLfDgg1bS0= sha512-k3lfqdeZw3OcsECfD3t99Hidh6IoRlFSoIu5nJk0FkLYHwx0q/rddirj4jh4J73dmLwKfG9mx0U5Zf6ZzRBsvA==" ></script>
<script src="/assets/g-web-56670cf0485cf52f54589091e2a25cc8.js" integrity="sha256-jNmWqO61OPijscQ5cHVSbB1Ms5wKX78ZACYdhrUo3X4= sha512-oiksgRFsqgHaCvXPvd3SAsUuX4zPeVClQBIgrOgIKNBMa3hPqCHknoFqDGRtSyfN4EdIkfk/x1zSqBqRvONAGQ==" ></script>

The emberjs application is built using a docker image, deployed to kubernetes and an aws elb running haproxy is handling the routing for this application such that when i navigate to staging.x.com it routes to the internal dns in kubernetes of this service (emberjs web app).

What's interesting to note;

  1. Running ember serve locally works and the applications loads fine.
  2. Building and running the docker image locally works and the applications loads fine.

The issue is only occurring on my deployed staging environment.

like image 364
Kay Avatar asked Jun 25 '20 08:06

Kay


People also ask

What is integrity attribute in script tag?

The integrity attribute allows a browser to check the fetched script to ensure that the code is never loaded if the source has been manipulated. Subresource Integrity (SRI) is a W3C specification that allows web developers to ensure that resources hosted on third-party servers have not been altered.


2 Answers

I got this error when deploying a Blazor WebAssembly app.

Failed to find a valid digest in the 'integrity' attribute for resource

And then it showed several NuGets. Manually deleted all bin and obj folders in the solution and then redeployed. After this everything worked.

https://github.com/dotnet/aspnetcore/issues/28692#issuecomment-783333400

like image 171
Ogglas Avatar answered Oct 22 '22 20:10

Ogglas


Ember uses Subresource Integrity (SRI) by default to increase the security of applications built with the framework.

The Mozilla Development Network has a good explanation of SRI:

Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.

The hash described there is generated and injected into the index.html at build time of the Ember application. If any part of your stack (deployment, web server, proxy etc.) modifies the file, the hash in index.html won't match the hash of th served file anymore. The Browser will therefore block the execution of that asset and throw the error you mentioned in your question instead.

The documentation of ember-cli-sri, which provides the integration in Ember build pipeline warns about that one:

In code that uses SRI, you MUST NOT tamper with the built output JavaScript files as code will not load.

like image 21
jelhan Avatar answered Oct 22 '22 19:10

jelhan