Omnifaces CombinedResourceHandler 的 SHA-384 完整性问题

问题描述 投票:0回答:1

我们使用CombinedResourceHandler 来组合我们的CSS 和JS 文件。这在部署应用程序时工作得很好,但一段时间后(我猜没有使用应用程序),浏览器在加载这些文件时出现问题,因为 Omnifaces 3.13 中引入了 SHA-384 完整性。

应用程序在容器环境(Docker)中的WildFly上运行,并通过Apache2反向代理访问。

该问题出现在多个 java/wildfly/omnifaces 版本上。

错误信息:

Failed to find a valid digest in the 'integrity' attribute for resource 'https://{HOST}/javax.faces.resource/eNrLTczMs0ouLtYvKMrPSk0uyU3MS0xPLdItT03SAwrXFBRl5qamJSanFlsl5-cW5Oel5pUUg2QAi20Wng.css.xhtml?ln=omnifaces.combined&v=1714462321656' with computed SHA-384 integrity 'gz+8OSFmG9pvdPUmAQvgZvqlaek3oXVFI+0kni54mrdClZrC0F6buQuaxwmy85qw'. The resource has been blocked.

web.xml:

<!-- enable the web socket endpoint by omifaces -->
<context-param>
    <param-name>org.omnifaces.SOCKET_ENDPOINT_ENABLED</param-name>
    <param-value>true</param-value>
</context-param>
<!-- activate server-side caching of the combined resource content by omnifaces -->
<context-param>
    <param-name>org.omnifaces.COMBINED_RESOURCE_HANDLER_CACHE_TTL</param-name>
    <param-value>86400</param-value> <!-- 86.400sec = 24h -->
</context-param>
<context-param>
    <param-name>org.omnifaces.COMBINED_RESOURCE_HANDLER_DISABLED</param-name>
    <param-value>#{facesContext.application.projectStage eq 'Development'}</param-value>
</context-param>

faces-config.xml:

<?xml version="1.0" encoding="UTF-8"?>
<faces-config xmlns="http://xmlns.jcp.org/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-facesconfig_2_3.xsd"
    version="2.3">

    <application>
        <locale-config>
            <default-locale>de</default-locale>
            <supported-locale>de</supported-locale>
            <supported-locale>en</supported-locale>
        </locale-config>

        <resource-bundle>
            <base-name>messages</base-name>
            <var>msg</var>
        </resource-bundle>
        <message-bundle>messages_jsf</message-bundle>

        <el-resolver>org.primefaces.application.exceptionhandler.PrimeExceptionHandlerELResolver</el-resolver>

        <resource-handler>org.omnifaces.resourcehandler.CombinedResourceHandler</resource-handler>
    </application>

    <factory>
        <exception-handler-factory>org.primefaces.application.exceptionhandler.PrimeExceptionHandlerFactory</exception-handler-factory>
    </factory>
    
    <lifecycle>
        <phase-listener>org.omnifaces.eventlistener.ResetInputAjaxActionListener</phase-listener>
    </lifecycle>

</faces-config>

出现问题时,只有重新启动应用程序/容器才有帮助。

有没有办法解决这个问题以保持完整性有效?否则我们必须考虑不使用 CombindedResourceHandler。

jsf-2 wildfly omnifaces
1个回答
0
投票

我发现了一种解决方法,试图为我们的应用程序解决同样的问题。如果你设置一个上下文参数,比如

  <context-param>
      <param-name>org.omnifaces.COMBINED_RESOURCE_HANDLER_CROSSORIGIN</param-name>
      <param-value><!--intentionally blank--></param-value>
  </context-param>

在您的

web.xml
中,这将禁用提交中3.13中引入的完整性生成https://github.com/omnifaces/omnifaces/commit/3a6e14c948aac94723a21e8fde4b1188b3ce670e

生成的 HTML 看起来像这样

<link type="text/css" rel="stylesheet" href="/APP_ROOT/javax.faces.resource/longhashnamehere.css?ln=omnifaces.combined&amp;v=1723663698000" crossorigin="" integrity="">
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.