Integrity attribute related message refers to wrong hash function (SHA-256 instead of SHA-512)
Reported by
hub...@hubertgajewski.com,
Sep 6
|
|||||
Issue description
Chrome Version : Version 69.0.3497.81 (Official Build) (64-bit)
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL, along with the version, after other browsers where you
have tested this issue:
Safari:
Firefox:
Edge:
What steps will reproduce the problem?
(1) Prepare simple HTML file with <script src="https://example.com/javascriptfile.js" integrity="sha512-WRONG==" crossorigin="anonymous"></script> (where https://example.com/javascriptfile.js is path to external JavaScript file)
(2) Open that HTML file in Chrome
What is the expected result?
"Failed to find a valid digest in the 'integrity' attribute for resource 'https://example.com/javascriptfile.js' with computed SHA-512 integrity (...)"
What happens instead?
"Failed to find a valid digest in the 'integrity' attribute for resource 'https://example.com/javascriptfile.js' with computed SHA-256 integrity (...)"
It's confusing.
Please provide any additional information below. Attach a screenshot if
possible.
The same issue exists when you use hash function different than SHA-256.
,
Sep 13
Thanks for filing the issue. Tried to reproduce this issue on windows 10 using chrome-69.0.3497.81 as per the above steps. steps: ----- 1. Created html file & opened in chrome 2. Open dev tools & go to Network tab Please find the attached screencast and let us know where to check the Integrity attribute related message in network tab.
,
Sep 13
You can find it in JavaScript console.
,
Sep 13
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Sep 13
,
Sep 14
|
|||||
►
Sign in to add a comment |
|||||
Comment 1 by viswa.karala@chromium.org
, Sep 6