Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fixed a bug where the SRI hash in _vendors.yml is incorrect #727

Closed
wants to merge 1 commit into from

Conversation

1nj0k
Copy link

@1nj0k 1nj0k commented Dec 3, 2023

Fixed a bug where the SRI hash is incorrect.

PR Checklist

PR Type

  • Bugfix.
  • Feature.
  • Improvement.
  • Code style update (formatting, linting).
  • Refactoring (no functional changes).
  • Documentation.
  • Translation.
  • Other... Please describe:

What is the current behavior?

https://theme-next.js.org/

The website can not display the content, and the console send an error message.

None of the “sha256” hashes in the integrity attribute match the content of the subresource. The computed hash is “vO75T5ZEgfdoDZXn+75ajCDTlFqSanVIdImKV423x6s=”.

Issue resolved:
After checking the page source code, I found there is a mistake with "https://cdnjs.cloudflare.com/ajax/libs/animejs/3.2.2/anime.min.js" hash value. Then I change it from "sha256-tc4b48P1MPGS4PJXHRlChGCW1mEZy62jS/3JEsSHPzU=" to "sha256-vO75T5ZEgfdoDZXn+75ajCDTlFqSanVIdImKV423x6s=", it works.

What is the new behavior?

The website can display content after using the correct SRI hash value.

Fixed a bug where the SRI hash was incorrect
Copy link

welcome bot commented Dec 3, 2023

Thanks so much for opening your first PR here!

@CLAassistant
Copy link

CLAassistant commented Dec 3, 2023

CLA assistant check
All committers have signed the CLA.

@coveralls
Copy link

Pull Request Test Coverage Report for Build 7076058369

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 97.416%

Totals Coverage Status
Change from base Build 7071252829: 0.0%
Covered Lines: 394
Relevant Lines: 399

💛 - Coveralls

@njzjz njzjz linked an issue Dec 3, 2023 that may be closed by this pull request
3 tasks
@njzjz njzjz mentioned this pull request Dec 3, 2023
11 tasks
@stevenjoezhang
Copy link
Member

The core issue is that the anime.js 3.2.2 file on cdnjs and jsdelivr is different (which is rare situation). Modifying it this way will cause the SRI check on jsdelivr to fail. I think we need to roll back to the previous version of anime.js and release a new version of the theme.

@njzjz
Copy link
Member

njzjz commented Dec 4, 2023

Unpkg gives the same result as jsdelivr so the issue may come from cdnjs.

@njzjz
Copy link
Member

njzjz commented Dec 4, 2023

Maybe related: cdnjs/cdnjs#14210

@1nj0k
Copy link
Author

1nj0k commented Dec 4, 2023

The core issue is that the anime.js 3.2.2 file on cdnjs and jsdelivr is different (which is rare situation).

It's really a rare problem. I also think rollback is a good idea.

@njzjz
Copy link
Member

njzjz commented Dec 4, 2023

cdnjs said they cannot ensure the compressed file is the same as that in the source code

@1nj0k 1nj0k closed this Dec 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

v8.19.0 "The resource has been blocked" & "Uncaught TypeError"
5 participants