django-sri icon indicating copy to clipboard operation
django-sri copied to clipboard

Published 20 hours ago verified publisher icon RealOrangeOne

Error in Combination with Whitenoise in Django

Open BiruStudios opened this issue 2 years ago • 1 comments
trafficstars

Hi, I'm trying to use this package in combination with whitenoise. every time I launch my app the browser always refuses to load my static files with the error "filed to find a valid digest in the 'integrity' attribute for resource ". so far I have tested this package on 5 of my CSS files, 1 bootstrap.css + 3 fontawesome.css + 1 my-site.css. Out of those 5 files, only bootstrap.css is loaded by the browser, the remaining are refused. After a little bit of investigation, I found that the integrity attribute's value outputted in the HTML is different from the one being evaluated by the browser. For example, index.html

<link crossorigin="anonymous" href="/static/home/css/my-site.css" integrity="sha512-GG4sC/4GQsd1r0sXkr0I6cwTZCB1upbMybxD3agscaBX8BOX9IQQyfOqZfX//Z49t2e0u5NbbnBDO6ABGnCtUQ==" rel="stylesheet" type="text/css"/>
<link crossorigin="anonymous" href="/static/fonts/fontawesome-all.min.css" integrity="sha512-HHwKq7saKrGPCHieLofpt4AsI/OYFTVsra9mBimKDJeM//F4yP35Tms3Tj+QetdJgcPxedlzWC2w2qDSdGMujw==" rel="stylesheet" type="text/css"/>

console log

127.0.0.1/:1 Failed to find a valid digest in the 'integrity' attribute for resource 'http://127.0.0.1:8000/static/home/css/my-site.css' with computed SHA-512 integrity 'VQzFTxndLuJU0O201uJZbuSKtlF6RmM/G2LieKu+UB2XM36D4p6lFSK9CRqXb9S/FVLmelzW5q/te2Rq/J2oGw=='. The resource has been blocked.
127.0.0.1/:1 filed to find a valid digest in the 'integrity' attribute for resource 'http://127.0.0.1:8000/static/fonts/fontawesome-all.min.css' with computed SHA-512 integrity '0FCInaWP5g0YTtgrftFRJrLPwUPsAwGLYAEbhhmOyleGWfxiseFAuV4ifxaekiQ1luaRZ7amW8fPIo96ijocUQ=='. The resource has been blocked.

What I've tried to solve the issue:

  1. Clear browser data
  2. Forced refresh (Ctrl+F5)
  3. Disable my browser extensions
  4. Removing third-party javascript, I was suspecting one of the scripts altering my CSS files
  5. I also add a print statement in your calculate_integrity function, the values are the same as the values outputted in the HTML

The only solution that actually fixed my problem is removing whitenoise package. Yet in your documentation you say

"Does this work with whitenoise or alike?"
Yes. django-sri outputs the static file URL in the same way the builtin static template tag does. This means the correct cachebusted URLs are output.

When using a manifest STATICFILES_STORAGE, django-sri will automatically retrieve the hashed and post-processed file as opposed to the original.

Here is my setting.py

DEBUG = True
INSTALLED_APPS = [
    .....
    'whitenoise.runserver_nostatic', #for local development
    'django.contrib.staticfiles',
    .....
    'sri',
]

MIDDLEWARE = ['django.middleware.security.SecurityMiddleware',
              'whitenoise.middleware.WhiteNoiseMiddleware',
              .......
              ]

STATIC_ROOT = os.path.join(BASE_DIR, 'staticfiles')
STATIC_URL = "/static/"

STATICFILES_DIRS = [
    BASE_DIR / "static",
]

MEDIA_URL = 'media/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')

STORAGES = {
    "default": {
        "BACKEND": "django.core.files.storage.FileSystemStorage",
    },
    'staticfiles': {
        "BACKEND": "whitenoise.storage.CompressedManifestStaticFilesStorage",
    }
}

USE_SRI = True

Is there anything I did wrong?

BiruStudios avatar May 09 '23 04:05 BiruStudios

It definitely works with whitenoise - I've had it running on my site for a while. Do make sure you're on the latest version though.

I'm not seeing anything obvious. I think first steps would be to work out what file's integrity is being returned, by debugging the output of get_static_path. It's possible it's somehow picking up the incorrect file and you're getting the wrong hash.

RealOrangeOne avatar May 09 '23 12:05 RealOrangeOne

Closing due to lack of information.

RealOrangeOne avatar Jul 02 '24 20:07 RealOrangeOne