nuxt-security icon indicating copy to clipboard operation
nuxt-security copied to clipboard
verified publisher icon Baroshem

SRI compatibility with Nuxt 4 entryImportMap - integrity hash mismatch on dynamic imports

Open alexieremia opened this issue 2 months ago • 1 comments

Environment

- Operating System: Darwin
- Node Version:     v20.18.3
- Nuxt Version:     4.1.2
- CLI Version:      3.28.0
- Nitro Version:    2.12.6
- Package Manager:  [email protected]
- Builder:          -
- User Config:      extends, dir, i18n, cookies, nitro, compatibilityDate, vite
- Runtime Modules:  -
- Build Modules:    -

Nuxt Security Version

2.4.0

Default setup used?

Yes, the bug happens even if the security option is not customized

Security options

Reproduction

Description

The nuxt-security module's SRI (Subresource Integrity) feature is incompatible with Nuxt 4's new entryImportMap experimental feature, causing integrity hash mismatches and blocking dynamic imports.

Related issue https://github.com/nuxt/nuxt/issues/33247

Additional context

When both SRI and entryImportMap are enabled, the following error occurs:

Failed to find a valid digest in the 'integrity' attribute for resource 'https://somedomain.com/_nuxt/PeQVlOgK.js' with computed SHA-384 integrity 'xBIudfkVkGKemQ5krLETsP8rpyEg97VDA7HctIzgdnTtoaRvTl6oYE5iCrzfVY5W'. The resource has been blocked.
Uncaught (in promise) TypeError: Failed to fetch dynamically imported module: https://somedomain.com/_nuxt/PeQVlOgK.js

alexieremia avatar Oct 13 '25 09:10 alexieremia

Hey,

Thanks for reporting this issue.

As you have already done some research about the issue, would you be open for contributing with a fix? :)

Baroshem avatar Oct 18 '25 00:10 Baroshem