bug: Prism.js theme SRI integrity check fails intermittently — code blocks lose syntax highlighting #1100

@nesquena-hermes

Summary

Some users see a browser SRI integrity check failure for the Prism.js theme stylesheet, blocking code block syntax highlighting:

Failed to find a valid digest in the 'integrity' attribute for resource
'https://cdn.jsdelivr.net/npm/[email protected]/themes/prism.min.css'
with computed SHA-384 integrity 'rCCjoCPCsizaAAYVoz1Q0CmCTvnctK0JkfCSjx7IIxexTBg+uCKtFYycedUjMyA2'.
The resource has been blocked.

Reported by @vishnukool in the community Discord (#report-bugs), confirmed still present after v0.50.210.

Root cause area

static/boot.js _setResolvedTheme() — when the page loads in light theme, it changes the <link id="prism-theme"> element (which defaults to prism-tomorrow.min.css in index.html) to prism.min.css:

link.integrity = wantIntegrity;
link.href = want;

The SRI hash values in code are correct (verified against live CDN). The failure is intermittent and likely a race condition: the browser may initiate the fetch before the new integrity value is applied when href changes, causing the old or empty integrity to be used for validation.

The crossorigin="anonymous" attribute is present on the initial <link> in index.html and persists across href changes, so that's not the cause.

Expected behavior

Code block syntax highlighting loads correctly in both light and dark themes. No SRI console errors.

Possible fix

Set crossorigin and integrity attributes atomically before the href change, or remove SRI from the dynamically-swapped theme link and use a static approach (separate <link> elements for each theme, toggled via disabled).

Impact

Intermittent — affects some users in light theme. Code blocks lose syntax highlighting when the stylesheet is blocked.
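
An added example, not code from the issue or the project, of the first option under "Possible fix": build a replacement link element while it is detached, set crossorigin and integrity before href, and insert it only once all three are in place. The function name swapPrismTheme and its doc parameter are hypothetical; want and wantIntegrity follow the names in the snippet quoted under "Root cause area".

```javascript
// Added example; swapPrismTheme and `doc` are hypothetical names.
// In the browser, pass `document` as `doc`.
function swapPrismTheme(doc, want, wantIntegrity) {
  const old = doc.getElementById('prism-theme');
  // Nothing to do if the wanted stylesheet is already the active one.
  if (old && old.getAttribute('href') === want) return old;

  // Build the replacement while detached: a <link> that is not in the
  // document does not fetch, so no request can start with a stale or
  // empty integrity value.
  const next = doc.createElement('link');
  next.setAttribute('rel', 'stylesheet');
  next.setAttribute('crossorigin', 'anonymous'); // needed for SRI on a cross-origin fetch
  next.setAttribute('integrity', wantIntegrity);
  next.setAttribute('href', want);               // href is set last

  // Retire the old theme only after the new one has passed the SRI check,
  // so a blocked stylesheet never leaves code blocks with no theme at all.
  next.onload = () => {
    if (old) old.remove();
    next.id = 'prism-theme';
  };
  next.onerror = () => next.remove();

  doc.head.appendChild(next); // the fetch starts here, attributes already final
  return next;
}
```

If the new stylesheet is blocked, the previous theme stays in place and the failed element is removed, so the id prism-theme always refers to a stylesheet that loaded.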