From 93aaf4dfb6d61f9f62018dbb9664de1a6d6d742e Mon Sep 17 00:00:00 2001 From: Martii Date: Wed, 21 Jul 2021 05:52:07 -0600 Subject: [PATCH] Post fix for incorrect type * We already have the hex and default for Buffer is `utf`... so coerce it to `hex` * Open up script sending to this methodology. Minification output support may come later but if one relies on the hash and something changes in the backend it can easily foo script installation. Will have to ponder some more. Post #1826 --- controllers/scriptStorage.js | 3 ++- libs/modelParser.js | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/controllers/scriptStorage.js b/controllers/scriptStorage.js index de74ffa39..0834edfd8 100644 --- a/controllers/scriptStorage.js +++ b/controllers/scriptStorage.js @@ -629,7 +629,7 @@ exports.sendScript = function (aReq, aRes, aNext) { } hashSRI = aScript.hash - ? 'sha512-' + Buffer.from(aScript.hash).toString('base64') + ? 'sha512-' + Buffer.from(aScript.hash, 'hex').toString('base64') : 'undefined'; // HTTP/1.1 Caching @@ -687,6 +687,7 @@ exports.sendScript = function (aReq, aRes, aNext) { source = chunks.join(''); // NOTE: Watchpoint // Send the script + aRes.set('Access-Control-Allow-Origin', '*'); aRes.set('Content-Type', 'text/javascript; charset=UTF-8'); aStream.setEncoding('utf8'); diff --git a/libs/modelParser.js b/libs/modelParser.js index 9767751c5..9276d0158 100644 --- a/libs/modelParser.js +++ b/libs/modelParser.js @@ -495,7 +495,7 @@ var parseScript = function (aScript) { if (script.hash) { // NOTE: May be absent in dev DB but should not be in pro DB script.hashShort = script.hash.substr(0, 7); - script.hashSRI = 'sha512-' + Buffer.from(script.hash).toString('base64'); + script.hashSRI = 'sha512-' + Buffer.from(script.hash, 'hex').toString('base64'); } if (script.created && script.updated && script.created.toString() !== script.updated.toString()) {