Hugo

Fingerprinting/SRI on Netlify

For a few weeks now my integration of fingerprinting/sri on Netlify stopped working. Before all was well, the Javascript was loaded, no errors. Now the following comes up:

Failed to find a valid digest in the 'integrity' attribute for resource 'https://d33wubrfki0l68.cloudfront.net/js/489b319e76623ca18dc354591c5e1ceccc27e9ee/script.min.a33459c326d687a3d5ecebd236f8942075fe10401d22b6b0d3f44f5b5ee34771.js' with computed SHA-256 integrity '+XGvg2UNplvzSfomr9qydH+f4UWnub7BfSritFlpT6M='. The resource has been blocked.

The hash of course changes.

The template code:

{ $js := slice $js0 $js1 $js2 $js3 $js4 $js5 $js6 $js7 $js8 $js9 $js10 | resources.Concat "script.js" | resources.Minify | resources.Fingerprint }}
<script src="{{$js.RelPermalink}}" integrity="{{ $js.Data.Integrity }}" crossorigin="anonymous" async defer></script>

I have the feeling that the CDN on Cloudfront is the culprit, but have no clue where to begin to investigate.

Does anyone experience the same?

Ok, that was my own fault. After some thinking, I realized that POST-processing means AFTER Hugo runs :wink: I had post-processing of JS (minification and concatenation) enabled on Netlify and that, of course, did change the hash of the file. Which basically just proofs that SRI works :wink:

4 Likes