[Solved] Invalid hash for mimetypelist.js

I’ve done a new install of Nextcloud 14.0.3, via the Web Installer, on a new Linode server, and it took a pleasantly surprising 2 hours. However, since then I’ve been battling for about 12 hours (!) with 8 or so security warnings. I’ve got them all to disappear except one: “Some files have not passed the integrity check.” There is an invalid hash on core/js/mimetypelist.js.

I’ve looked at some of the other mimetype stuff on the forums, and this is what I’ve tried:
(1) Download the Nextcloud zipfile and extract it.
(2) Copy core/js/mimetypelist.js and core/js/mimetype.js over the existing ones on the server.
(3) Run the following occ commands:
sudo -u www-data php occ maintenance:mode --on
sudo -u www-data php occ maintenance:mimetype:update-db --repair-filecache
sudo -u www-data php occ maintenance:mimetype:update-js
sudo -u www-data php occ maintenance:mode --off

Unfortunately, this hasn’t solved the problem, and I’m not really sure what to do. I intalled a few extra apps after the initial install, but only the Official ones, and I’d have thought they shouldn’t give rise to this problem. Any suggestions?

Hmm. I suppose I’d better answer my own question …

Following the suggestion here: Failed integrity check after manual upgrade
run:
nano config/config.php
Add at the end:
'integrity.check.disabled' => true,
Reload the page and click Rescan in the error message.
Log out.
Log in again.
The error has disappeared.
Then:
nano config/config.php
again, and remove 'integrity.check.disabled' => true,

I should note that this is frowned on by Lukas Reschke, the Security Lead, but it seems to me to defeat the purpose of integrity checks if you have one that is stuck and can’t be cleared. I’m not sure what happens, but perhaps one of the apps edits mimetypelist.js to add new entries, but doesn’t clean up after itself by regenerating the hash?

Anyway, all good now, and very impressed by Nextcloud.

2 Likes

similar issue on NC 16.0.7 … tryied your 2-nd approach without success.
thx for sharing.

Same problem here. Does anyone have a solution? I follow your steps and nothing…the error still there.

A year later and issues of INVALID_HASH without being able to clear the error after a manual install is nothing short of maddening.

After following what worked for the person who came up with a solution in 2018, no luck at all.

Attempts to rescan always result in:

Access denied
CSRF check failed

Unable to clear or reset this.

Surely someone on the planet knows how to fix:

INVALID_HASH

or

Access denied
CSRF check failed

I live in hope.