是否有一个标志可以禁用 chromium 中的子资源完整性检查?
Is there a flag to disable subresource integrity checking in chromium?
我们正在使用 puppeteer and sometimes playwright to run some integration tests. We mock some of the target page's script dependencies, which causes subresource integrity 哈希不匹配。
Failed to find a valid digest in the 'integrity' attribute for resource 'http://localhost:3000/static/third-party/adobe-target/at-js/2.4.0-cname/at.js' with computed SHA-256 integrity '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='. The resource has been blocked."
有没有办法通过标志或配置禁用完整性哈希检查属性?
没有。我相信唯一的方法是从加载脚本的源中修复或删除 integrity 属性。
查看 chromium(或闪烁)源,unless the integrity attribute is empty, the FetchManager::Loader will instantiate the SRIVerifier, whose constructor calls its OnStateChange method, where for response types of basic, cors, default (leaving out responses and errors), SubresourceIntegrity::CheckSubresourceIntegrity is called. Unless the parsing of the integrity attribute fails, SubresourceIntegrity::CheckSubresourceIntegrityImpl 要么成功验证其中一个摘要,要么失败并显示给定的错误消息。没有沿此路径检查配置选项来覆盖失败的检查。
我们正在使用 puppeteer and sometimes playwright to run some integration tests. We mock some of the target page's script dependencies, which causes subresource integrity 哈希不匹配。
Failed to find a valid digest in the 'integrity' attribute for resource 'http://localhost:3000/static/third-party/adobe-target/at-js/2.4.0-cname/at.js' with computed SHA-256 integrity '47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='. The resource has been blocked."
有没有办法通过标志或配置禁用完整性哈希检查属性?
没有。我相信唯一的方法是从加载脚本的源中修复或删除 integrity 属性。
查看 chromium(或闪烁)源,unless the integrity attribute is empty, the FetchManager::Loader will instantiate the SRIVerifier, whose constructor calls its OnStateChange method, where for response types of basic, cors, default (leaving out SubresourceIntegrity::CheckSubresourceIntegrity is called. Unless the parsing of the integrity attribute fails, SubresourceIntegrity::CheckSubresourceIntegrityImpl 要么成功验证其中一个摘要,要么失败并显示给定的错误消息。没有沿此路径检查配置选项来覆盖失败的检查。