Blazor WebAssembly Application fails to load due to integrity errors

Question

We have developed a Blazor WebAssembly Application that has already gone into productive usage for a certain group of customers.

The Application works well in all Browsers with Standard Security settings. However, this morning I got a call from one of the customers, where the Application did not load at all in their Chrome Browser.

I saw the following Errors in the console:

• Unknown error occurred while trying to verify integrity.
• Failed to load resource: the server responded with a status of 403 (forbidden)
• Failed to find a valid digest in the 'integrity' attribute for ressource '<somepath.dll>' with SHA-256 integrity <sha56>. the resource has been blocked

Now my question is, what could cause this? Is this a Browser Security setting, or another security setting e.g on server, in code etc.? How can I fix this?

Here's a picture of the errors mentioned above

Answer 1

Solution for me was to delete the obj and the bin folder in both the client and the server project folder

Answer 2

Update 30.08.2023:

We found out that the networks where Blazor Apps don't work, use either a forward proxy, or a firewall that block the MIME type "application/octet-stream" to which .dll and .bin files belong to. If your Admin adds that to your environment, you can basically test this error. We're currently trying to either ship the Blazor files in a bundle that isn't an octet-stream or as wasm files (which is MIME Type "application/wasm") with the .net 8 preview.

Update 05.07.2023:

Looks like with the realease of .NET 8.0, Blazor creates .wasm files instead of .dll. Hopefully, this will get rid of firewall + antivirus block for Blazor WebAssembly Applications. Quote:

In ASP.NET Core 8.0 or later, .NET assemblies are deployed as WebAssembly files (.wasm) using the Webcil file format.

Answer before 05.07.2023:

The most likely reason why this is happening, is that some Antiviruses block the execution of downloaded .dll files. That's why it is working in some networks, but doesn't in some others.

What you can do, and what is also suggested as a Workaround by microsoft, is to rename all .dll to .bin - and also change the config json. it worked in my case.

I use the following PowerShell function for that:

Function Hide-BlazorDLL {

    Param(
        [string]$Path = (Get-Location).Path
    )

    <#
        According to the following Links:
        https://github.com/dotnet/aspnetcore/issues/19552
        https://github.com/dotnet/aspnetcore/issues/5477#issuecomment-599148931
        https://github.com/dotnet/aspnetcore/issues/21489
        https://gist.github.com/Swimburger/774ca2b63bad4a16eb2fa23b47297e71 
    #>

    # Test if path is correct and accessible
    $WorkingDir = Join-Path $Path "_framework"
    if (!(Test-Path $WorkingDir)) { Throw "Wrong path $Path. current location must be wwwroot folder of published application." }

    # Get All Items
    $AllItems = Get-ChildItem $WorkingDir -Recurse
    $DLLs = $AllItems | Where-Object { $_.Name -like '*.dll*' }
    $BINs = $AllItems | Where-Object { $_.Name -like '*.bin*' }

    # End script if no .dll are found
    if ($DLLs) { 

        # Delete all current .bin files
        if ($BINs) {
            Remove-item $BINs.FullName -Force
        }
    
        # Change .dll to .bin on files and config
        $DLLs | Rename-item -NewName { $_.Name -replace ".dll\b",".bin" }
        ((Get-Content "$WorkingDir\blazor.boot.json" -Raw) -replace '.dll"','.bin"') | Set-Content "$WorkingDir\blazor.boot.json"
    
        # Delete Compressed Blazor files
        if (Test-Path "$WorkingDir\blazor.boot.json.gz") {
            Remove-Item "$WorkingDir\blazor.boot.json.gz"
        }
        if (Test-Path "$WorkingDir\blazor.boot.json.br") {
            Remove-Item "$WorkingDir\blazor.boot.json.br"
        }
    
        # Do the same for ServiceWorker, if it exists
        $ServiceWorker = Get-Item "$Path\service-worker-assets.js" -ErrorAction SilentlyContinue
        if ($ServiceWorker) {
            ((Get-Content $ServiceWorker.FullName -Raw) -replace '.dll"','.bin"') | Set-Content $ServiceWorker.FullName
            Remove-Item ($ServiceWorker.FullName + ".gz")
            Remove-Item ($ServiceWorker.FullName + ".br")
        }
    }
    else {
        Write-Host "There are no .dll Files to rename to .bin" 
    }
}

Basically you need to navigate to the wwwroot folder of your published application and run the function there. e.g:

PS D:\inetpub\wwwroot\<appname>\wwwroot> Hide-BlazorDLL

Answer 3

This error for some reason kept happening for me when I tested my application in an anonymous browser window (Google Chrome).

Try using a normal browser window if you're getting integrity errors.

Also, if you're using Cloudflare CDN don't forget to "Purge Everything" in the cache.

Answer 4

We have experienced this issue using Cloudflare auto minify feature. That feature removes any comments from html, js and other files - which some of the blazor .js files seems to contain.

This means that the hash of the file contents no longer matches the hash found in blazor.boot.json -> an integrity issue will be thrown and stop the app from loading.

Disabling the auto minify feature fixed the issue.

Answer 5

For me, it was simply erasing the call to IApplicationBuilder.UseBlazorFrameworkFiles() accidentally. I suggest double check your code to be sure.

Answer 6

Using Azure, you would need to delete the obj & bin folders on the server when you deploy automatically via git

1. Go to your SCM of your dev slot (yoursite.scm.azurewebsites.net) (add .scm)
2. Go to /DebugConsole
3. Type cd C:\home\site\repository
4. Delete all obj & bin folders, usually this structure:
   • ./Projectname/obj
   • ./Projectname.Client/obj
5. Trigger a redeployment in Azure Devops

Can probably be automated...

Answer 7

Tech Stack:

.NET 6.0.11

I had a similar issue. In the local machine, it is working fine. But when it is deployed through GitHub Actions, I get integrity checks error. I got this issue for Blazor WebAssembly ASP.NET Core Hosted (WebAssemblyPrerendered) project. Here is the fix I followed.

1. Added the .gitattributes file to the solution root folder.
2. Added the below code at the end of the file.

# blazor dlls - treat all .dll files as binary
*.dll binary

Answer 8

May I am late to this issue. I just had the same issue. The solution for me was adding this:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
     .
     . 
     .
    <staticContent>
      <remove fileExtension=".blat" />
      <remove fileExtension=".dat" />
      <remove fileExtension=".dll" />
      <remove fileExtension=".json" />
      <remove fileExtension=".wasm" />
      <remove fileExtension=".woff" />
      <remove fileExtension=".woff2" />
      <mimeMap fileExtension=".blat" mimeType="application/octet-stream" />
      <mimeMap fileExtension=".dll" mimeType="application/octet-stream" />
      <mimeMap fileExtension=".dat" mimeType="application/octet-stream" />
      <mimeMap fileExtension=".json" mimeType="application/json" />
      <mimeMap fileExtension=".wasm" mimeType="application/wasm" />
      <mimeMap fileExtension=".woff" mimeType="application/font-woff" />
      <mimeMap fileExtension=".woff2" mimeType="application/font-woff" />
    </staticContent>
    <httpCompression>
      <dynamicTypes>
        <add mimeType="application/octet-stream" enabled="true" />
        <add mimeType="application/wasm" enabled="true" />
      </dynamicTypes>
    </httpCompression>
 </system.webServer>
</configuration>

On web.config inside wwwroot folder.