None of the "sha256" hashes in the integrity attribute match the content of the subresource
We created a web site that uses resources from cdnjs. This site has been live for a couple of months but we have sporadic issues with resources from this CDN and FireFox.
- The error in the console for each script/style CDN resource is: None of the "sha256" hashes in the integrity attribute match the content of the subresource.
- The error message in the network tab for each resource is: The connection used to fetch this resource was not secure
Resources that I have had issues with include these elements (as they appear in our web page):
- <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap3-dialog/1.35.4/css/bootstrap-dialog.min.css" integrity="sha256-wstTM1F5dOf7cgnlRHIW3bmoRAAGh6jL7tMIvqTuFZE=" crossorigin="anonymous" />
- <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.17.47/css/bootstrap-datetimepicker.min.css" integrity="sha256-yMjaV542P+q1RnH6XByCPDfUFhmOafWbeLPmqKh11zo=" crossorigin="anonymous" />
- <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/jqtree/1.4.4/jqtree.min.css" integrity="sha256-ymsp1QFcwiJbIgAoSOkMtqe4GFczZH1KjXLq6y5f+QY=" crossorigin="anonymous" />
- <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" integrity="sha384-wvfXpqpZZVQGK6TAh5PVlGOfQNHSoD2xbE+QkPxCAFlNEevoEH3Sl0sibVcOQVnN" crossorigin="anonymous" />
- <script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap3-dialog/1.35.4/js/bootstrap-dialog.min.js" integrity="sha256-IpgnbT7iaNM6j9WjtXKI8VMJ272WM9VvFYkZdu1umOA=" crossorigin="anonymous"></script>
- <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.15.2/moment-with-locales.min.js" integrity="sha256-K+AZsAFjiBd4piqBmFzaxDsiQiHfREubm1ExNGW1JIA=" crossorigin="anonymous"></script>
Steps to reproduce
You can reproduce the problem with one of the above URLs and place it directly in the URL of the FireFox browser. The resource should load in the browser window but after pressing CTRL+F5 at least one time (could be up to 5 times) an error will appear. I can duplicate this from multiple PCs although we are located in the Netherlands so maybe a timing issue or something? This does not happen with any other resources from other CDNs that we are using like (we use integrity checks with these as well):
- <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
- <script src="https://code.jquery.com/jquery-3.3.1.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script>
My environment:
- Windows 10 Pro 64bit patched to latest
- FireFox 60.0.1 (64-bit)
My question
Is this an issue that is specific to cdnjs and they must resolve this or is this an issue with FireFox or is this an issue with how we are requesting the resource? Is there anything else that we can do to get the ball rolling on fixing this (depending on the actual source of the problem)?
As a side note we also test our software on Google Chrome, MS Internet Explorer, MS Internet Explorer 11, MS Edge, and Opera and we have
Thank you in advance!
-Igor
Moambuepyre
Ñemoĩporã poravopyre
@Pkshadow - Thank you for your suggestion. I have created a post on Stack Overflow. As per your recommendation I will mark this question as closed.
Emoñe’ẽ ko mbohavái ejeregua reheve 👍 0Opaite Mbohovái (2)
Hi, this is some what beyond what Firefox Support Volunteers do.
If you have a bug, file a bug report.
Bug Writing Guidelines :
Also info :
- https://developer.mozilla.org/en-US/
- https://developer.mozilla.org/en-US/Firefox
- https://developer.mozilla.org/en-US/docs/Web/Guide
and
Since mozilla.org and some other URL's download a Stub Installer that maybe the issue you are having. Try full version installers :
Please let us know if this solved your issue or if need further assistance.
Ñemoĩporã poravopyre
@Pkshadow - Thank you for your suggestion. I have created a post on Stack Overflow. As per your recommendation I will mark this question as closed.