Browser integrity check fails for _framework/wasm/dotnet.3.2.0.js on Cloudflare with JS minification
Describe the bug
I’m hosting a Blazor WebAssembly app on Azure Static Web Apps using a custom domain subdomain.
The app is proxied through Cloudflare which automatically applies minification to the JavaScript files.
Cloudflare’s minified version is slightly smaller than the original dotnet.3.2.0.js file and, due to the contents being changed, the browser integrity check fails. This is the Chrome error:
"(index):1 Failed to find a valid digest in the 'integrity' attribute for resource 'https://custom.domain.net/_framework/wasm/dotnet.3.2.0.js' with computed SHA-256 integrity '3U49m7eBt/6m4NzgFG7zc0We7jtKrywBlLXHw0r2NNk='. The resource has been blocked."
Is there a way to opt out of the integrity checking? An attribute or meta tag we can add to the page to tell _framework/blazor.webassembly.js to generate the script references without an integrity attribute?
I can turn off the minification for JavaScript, but it will do so for the entire site/subdomain sites I have on Cloudflare.
To Reproduce
- Host Blazor WebAssembly on any platform that would auto-optimize JavaScript files, like Cloudflare
Exceptions (if any)
"(index):1 Failed to find a valid digest in the 'integrity' attribute for resource 'https://custom.domain.net/_framework/wasm/dotnet.3.2.0.js' with computed SHA-256 integrity '3U49m7eBt/6m4NzgFG7zc0We7jtKrywBlLXHw0r2NNk='. The resource has been blocked."
Further technical details
- Include the output of dotnet --info
.NET Core SDK (reflecting any global.json):
Version: 3.1.302
Commit: 41faccf259
Runtime Environment:
OS Name: Windows
OS Version: 10.0.18363
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\3.1.302\
Host (useful for support):
Version: 3.1.6
Commit: 3acd9b0cd1
.NET Core SDKs installed:
3.1.302 [C:\Program Files\dotnet\sdk]
.NET Core runtimes installed:
Microsoft.AspNetCore.All 2.1.13 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.1.20 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.2.7 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.1.13 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.1.20 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.2.7 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 3.1.6 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.1.13 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.1.20 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.2.7 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 3.1.6 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 3.1.6 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
- Source Code: https://github.com/Swimburger/NCrontabTester
Issue Analytics
- State:
- Created 3 years ago
- Reactions:2
- Comments:7 (4 by maintainers)
If you want to disable integrity checking, you can do so by putting <BlazorCacheBootResources>false</BlazorCacheBootResources>. As you can guess, this also disables caching of boot resources.
If you’re wondering why you can’t disable integrity checking but keep caching boot resources, it’s because it would be dangerous. If a user was to cache the wrong version of a boot resource, the app could become unusable on their browser, and there would be no way to fix it without going into the browser dev tools and manually clearing the storage for your site. We don’t want to be responsible for bricking someone’s copy of your app like that.
This is now all documented at https://docs.microsoft.com/en-us/aspnet/core/blazor/host-and-deploy/webassembly?view=aspnetcore-5.0#resolve-integrity-check-failures
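As an added example (not code from Blazor or from this issue thread), the Node.js check below recomputes the `integrity` value for each resource as served and reports any that an intermediary has rewritten, which is the condition behind the Chrome error quoted in the issue. The flat name-to-digest manifest layout, the function names and the file contents are assumptions constructed for illustration.

```javascript
// Added example, not code from Blazor or from the issue above.
const crypto = require("crypto");

const SRI_ALGS = new Set(["sha256", "sha384", "sha512"]);

// Build the value an integrity attribute carries: "<alg>-<base64 digest>".
function sriDigest(body, alg = "sha256") {
  if (!SRI_ALGS.has(alg)) throw new Error(`unsupported SRI algorithm: ${alg}`);
  return `${alg}-${crypto.createHash(alg).update(body).digest("base64")}`;
}

// manifest: resource name -> SRI string recorded at publish time (assumed layout).
// served:   resource name -> bytes as received through the CDN or proxy.
// Returns every resource the browser would block, with both digests.
function findIntegrityMismatches(manifest, served) {
  const mismatches = [];
  for (const [name, expected] of Object.entries(manifest)) {
    if (!(name in served)) {
      mismatches.push({ name, expected, actual: null }); // never delivered
      continue;
    }
    const alg = expected.slice(0, expected.indexOf("-"));
    const actual = sriDigest(served[name], alg);
    if (actual !== expected) mismatches.push({ name, expected, actual });
  }
  return mismatches;
}

// Constructed sample data: file contents are stand-ins, not real Blazor output.
const publishedJs = "function boot(config) {\n  return config.entry;\n}\n";
const publishedWasm = Buffer.from([0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00]);
const manifest = {
  "dotnet.3.2.0.js": sriDigest(publishedJs),
  "dotnet.wasm": sriDigest(publishedWasm),
};
// The proxy minified the script (same behaviour, different bytes) and left the binary alone.
const servedViaProxy = {
  "dotnet.3.2.0.js": "function boot(n){return n.entry}",
  "dotnet.wasm": publishedWasm,
};

function demo() {
  return findIntegrityMismatches(manifest, servedViaProxy);
}

for (const m of demo()) {
  console.log(`${m.name}: expected ${m.expected}, served ${m.actual}`);
}
```

Run against the bytes fetched through the production hostname after each deployment, a check like this surfaces a rewriting proxy before users see blocked resources.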