Hugo

Fingerprinting/SRI on Netlify

For a few weeks now my integration of fingerprinting/sri on Netlify stopped working. Before all was well, the Javascript was loaded, no errors. Now the following comes up:

Failed to find a valid digest in the 'integrity' attribute for resource 'https://d33wubrfki0l68.cloudfront.net/js/489b319e76623ca18dc354591c5e1ceccc27e9ee/script.min.a33459c326d687a3d5ecebd236f8942075fe10401d22b6b0d3f44f5b5ee34771.js' with computed SHA-256 integrity '+XGvg2UNplvzSfomr9qydH+f4UWnub7BfSritFlpT6M='. The resource has been blocked.

The hash of course changes.

The template code:

{ $js := slice $js0 $js1 $js2 $js3 $js4 $js5 $js6 $js7 $js8 $js9 $js10 | resources.Concat "script.js" | resources.Minify | resources.Fingerprint }}
<script src="{{$js.RelPermalink}}" integrity="{{ $js.Data.Integrity }}" crossorigin="anonymous" async defer></script>

I have the feeling that the CDN on Cloudfront is the culprit, but have no clue where to begin to investigate.

Does anyone experience the same?

Ok, that was my own fault. After some thinking, I realized that POST-processing means AFTER Hugo runs :wink: I had post-processing of JS (minification and concatenation) enabled on Netlify and that, of course, did change the hash of the file. Which basically just proofs that SRI works :wink:

4 Likes

Hi, how did you actually fix that because today’s update of my blog as royally b*****cks up my site!

Please ignore that.

I finally remembered that I had to run hugo against the template in order to rebuild the bundles and generate the updated fingerprints. I’d forgotten that since it has been a long time since I last updated my custom theme.