laravel-sri icon indicating copy to clipboard operation
laravel-sri copied to clipboard

Published 20 hours ago verified publisher icon Elhebert

Sri::hash generates wrong key

Open janlew opened this issue 3 years ago • 2 comments

Hello, I'm started using "laravel-sri" with "laravel-mix-sri". It's working without any issues on local environment, but when I push changes on test/live I'm starting getting error messages in console: None of the “sha256” hashes in the integrity attribute match the content of the subresource.

e.g. example.js has hash - sha256-BxaPYc1tnHx2U8m/aKA8Sx9FEHlg6fvTDsWGCD7NGjA= in mix-sri.json but Chrome requires whole different hash

Failed to find a valid digest in the 'integrity' attribute for resource 'xxx.com/assets/js/example.js?id=3fac7b922ddf2b2605cc177f81e781df' with computed SHA-256 integrity 'eQfO2c01V2pl0xVdxyXFNOjgpWQekJShYmr93w33pwA='. The resource has been blocked.

It looks like browser calculates different hashes, what should I do to fix this?

janlew avatar Jun 23 '22 07:06 janlew

Hello. I have the same problem.

alexmandrikdev avatar Aug 08 '23 15:08 alexmandrikdev

It seems that this would be a laravel-mix-sri issue rather that this package. I'm not using these packages anymore, nor supporting them. Especially since Laravel works with Vite now.

Could you share the configuration for both packages? Maybe it's a configuration issue 🤔

Elhebert avatar Sep 06 '23 10:09 Elhebert