Join the Mozilla’s Test Days event from Dec 2–8 to test the new Firefox address bar on Firefox Beta 134 and get a chance to win Mozilla swag vouchers! 🎁

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

None of the "sha256" hashes in the integrity attribute match the content of the subresource

  • 2 svar
  • 1 har dette problemet
  • 1 view
  • Siste svar av igorw

more options

We created a web site that uses resources from cdnjs. This site has been live for a couple of months but we have sporadic issues with resources from this CDN and FireFox.

  • The error in the console for each script/style CDN resource is: None of the "sha256" hashes in the integrity attribute match the content of the subresource.
  • The error message in the network tab for each resource is: The connection used to fetch this resource was not secure

Resources that I have had issues with include these elements (as they appear in our web page):

Steps to reproduce

You can reproduce the problem with one of the above URLs and place it directly in the URL of the FireFox browser. The resource should load in the browser window but after pressing CTRL+F5 at least one time (could be up to 5 times) an error will appear. I can duplicate this from multiple PCs although we are located in the Netherlands so maybe a timing issue or something? This does not happen with any other resources from other CDNs that we are using like (we use integrity checks with these as well):

My environment:

  • Windows 10 Pro 64bit patched to latest
  • FireFox 60.0.1 (64-bit)

My question

Is this an issue that is specific to cdnjs and they must resolve this or is this an issue with FireFox or is this an issue with how we are requesting the resource? Is there anything else that we can do to get the ball rolling on fixing this (depending on the actual source of the problem)?

As a side note we also test our software on Google Chrome, MS Internet Explorer, MS Internet Explorer 11, MS Edge, and Opera and we have

Thank you in advance!

-Igor

We created a web site that uses resources from [https://cdnjs.com/ cdnjs]. This site has been live for a couple of months but we have sporadic issues with resources from this CDN and FireFox. * The error in the console for each script/style CDN resource is: '''None of the "sha256" hashes in the integrity attribute match the content of the subresource.''' * The error message in the network tab for each resource is: '''The connection used to fetch this resource was not secure''' Resources that I have had issues with include these elements (as they appear in our web page): * <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap3-dialog/1.35.4/css/bootstrap-dialog.min.css" integrity="sha256-wstTM1F5dOf7cgnlRHIW3bmoRAAGh6jL7tMIvqTuFZE=" crossorigin="anonymous" /> * <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-datetimepicker/4.17.47/css/bootstrap-datetimepicker.min.css" integrity="sha256-yMjaV542P+q1RnH6XByCPDfUFhmOafWbeLPmqKh11zo=" crossorigin="anonymous" /> * <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/jqtree/1.4.4/jqtree.min.css" integrity="sha256-ymsp1QFcwiJbIgAoSOkMtqe4GFczZH1KjXLq6y5f+QY=" crossorigin="anonymous" /> * <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css" integrity="sha384-wvfXpqpZZVQGK6TAh5PVlGOfQNHSoD2xbE+QkPxCAFlNEevoEH3Sl0sibVcOQVnN" crossorigin="anonymous" /> * <script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap3-dialog/1.35.4/js/bootstrap-dialog.min.js" integrity="sha256-IpgnbT7iaNM6j9WjtXKI8VMJ272WM9VvFYkZdu1umOA=" crossorigin="anonymous"></script> * <script src="https://cdnjs.cloudflare.com/ajax/libs/moment.js/2.15.2/moment-with-locales.min.js" integrity="sha256-K+AZsAFjiBd4piqBmFzaxDsiQiHfREubm1ExNGW1JIA=" crossorigin="anonymous"></script> '''Steps to reproduce''' You can reproduce the problem with one of the above URLs and place it directly in the URL of the FireFox browser. The resource should load in the browser window but after pressing ''CTRL+F5'' at least one time (could be up to 5 times) an error will appear. I can duplicate this from multiple PCs although we are located in the Netherlands so maybe a timing issue or something? This does not happen with any other resources from other CDNs that we are using like (we use integrity checks with these as well): * <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script> * <script src="https://code.jquery.com/jquery-3.3.1.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script> My environment: * Windows 10 Pro 64bit patched to latest * FireFox 60.0.1 (64-bit) ''My question'' Is this an issue that is specific to [https://cdnjs.com/ cdnjs] and they must resolve this or is this an issue with FireFox or is this an issue with how we are requesting the resource? Is there anything else that we can do to get the ball rolling on fixing this (depending on the actual source of the problem)? As a side note we also test our software on Google Chrome, MS Internet Explorer, MS Internet Explorer 11, MS Edge, and Opera and we have Thank you in advance! -Igor

Endret av igorw

Valgt løsning

@Pkshadow - Thank you for your suggestion. I have created a post on Stack Overflow. As per your recommendation I will mark this question as closed.

Les dette svaret i sammenhengen 👍 0

All Replies (2)

more options

Hi, this is some what beyond what Firefox Support Volunteers do.

If you have a bug, file a bug report.

Bug Writing Guidelines :

Also info :

and

Since mozilla.org and some other URL's download a Stub Installer that maybe the issue you are having. Try full version installers :

Please let us know if this solved your issue or if need further assistance.

more options

Valgt løsning

@Pkshadow - Thank you for your suggestion. I have created a post on Stack Overflow. As per your recommendation I will mark this question as closed.