Replies: 2 comments 5 replies
-
The displayed hash (that is: sha512-Wkxbeuy81yHqZNrMurMURCOCMzkJqaFYnvToublHiOGoVXQ2DS1lOUjKwstbe0GwELrRb9sicdV2y6GiAnVxuw==) There's no problem with the non minified version. |
Beta Was this translation helpful? Give feedback.
-
Same issue today: <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.4/moment.min.js" integrity="sha512-CryKbMe7sjSCDPl18jtJI5DR5jtkUWxPXWaLCst6QjH8wxDexfRJic2WRmRXmstr2Y8SxDDWuBO6CQC6IE4KTA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script> and then Firefox fails to load the resource
same for Chrome:
Meanwhile other CDNs are hosting other js files: <script src="https://cdn.jsdelivr.net/npm/moment@2.29.4/moment.min.js" integrity="sha512-ukcAlrvzygTzyq3b2Tk3eHj/BeixHZgXFA3uFZlOyRGAel1nkRhTvfFKVGUjl0iS/gy3n8TQ8BPar5X0WqmU1A==" crossorigin="anonymous"></script>
<script src="https://unpkg.com/browse/moment@2.29.4/min/moment.min.js" integrity="sha512-jsPn8g8QGm9E/SX0mS18wYF3tP2uoumM5d0BVscQuV1WiXiNf8aoRZSy/5hhe8zCTG2Rmx+rtWoVrHLGinda1g==" crossorigin="anonymous"></script> I worked around the integrity issue of CDNjs by just updating the hash in the script tag to what is actually being hosted instead:
Update: |
Beta Was this translation helpful? Give feedback.
-
The CDNJS supplied sri hash does not match the file.
I use the "Copy SRI hash" button for example on:
https://cdnjs.com/libraries/moment.js
for
https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.29.2/moment.min.js
it gives:
"sha512-Wkxbeuy81yHqZNrMurMURCOCMzkJqaFYnvToublHiOGoVXQ2DS1lOUjKwstbe0GwELrRb9sicdV2y6GiAnVxuw=="
Using
https://www.srihash.org/
gives:
"sha512-/dnQ7rkQ8MP18TeZF3eIsh6WNjju/2SUoSMUX0lhA8yi68GqpesIp4X84EQM+XayllmkC2Dr37uqCAXSgS74rA=="
The www.srihash.org value matches the file. The cdnjs value does not.
Beta Was this translation helpful? Give feedback.
All reactions