'Hashing script in node.js
i have an electron app, that will in the end load a script on html as
<script>require('../../lib/i18n-translate.js')</script>.
As electron (resp. chromium) complained about a missing Content-Security-Policy i wanted to add the csp with a hash programmatically, so when i build my app, it will automatically insert the hash and everybody is happy. Unfortunately i currently don't succeed to create the same hash as electron does:
- Electron shows me a hash on console, which makes the csp pass if i just copy it manually.
- Creating a hash on node.js with the following code, just creates me a different hash.
- I'm meanwhile relatively sure, that i need the base64 encoded output. Apart from that, i tried several encodings on readFile, with or without toString(), with trim()...
- My current assumption is, that the text/binary given to
createHash.update()differs somehow from the one, that electron passes to its hashing.
Thus:
- Does anybody know, which text exactly is hashed by the browser to get the csp-hash?
- Or does anybody see my obvious fault on the hash-creation? ;)
Thank you in advance! :) Jonas
function getCspHash(file) {
const fs = require('fs')
const { createHash } = require('crypto')
const hash = createHash('sha256').update(
fs.readFileSync(file).toString()
).digest('base64')
return str.concat(" 'sha256-", hash, "'")
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|