How to prevent User-Agent: Eureka/1 to return source code(如何防止User-Agent:Eureka/1返回源码)
问题描述
ASP.NET Mono MVC 4 应用程序使用 MVC4 内置捆绑和缩小 css 和 js 文件.
ASP.NET Mono MVC 4 application uses MVC4 built in bundling and minification for css and js files.
如果请求中的用户代理字符串使用 fiddler 更改为 Eureka/1
If user agent string in request is changed to Eureka/1 using fiddler
User-Agent: Eureka/1
并重新发出请求,将包含所有注释的整个源代码发送给客户端.
and request is re-issued, whole source code with all comments are sent to client.
如何防止这种情况导致客户端无法检查源代码中的注释?
How to prevent this so that comments in source code code cannot inspected by client ?
来源:http://www.codeproject.com/文章/728146/ASP-NET-MVC-bundles-internals
我尝试将 debug='false'
添加到 web.config
但问题仍然存在.
I tried to add debug='false'
to web.config
but problem persists.
推荐答案
我能够通过创建一个继承自 IBundleBuilder
的类来删除注释.这是为 Microsoft ASP.NET Web 优化框架 1.1.3 于 2014 年 2 月 20 日更新:
I was able to remove comments by creating a classes that inherit from IBundleBuilder
. This is written for Microsoft ASP.NET Web Optimization Framework 1.1.3 which was updated on 2/20/2014:
public class ScriptBundleBuilder : IBundleBuilder
{
public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<BundleFile> files)
{
var content = new StringBuilder();
foreach (var file in files)
{
FileInfo f = new FileInfo(HttpContext.Current.Server.MapPath(file.VirtualFile.VirtualPath));
Microsoft.Ajax.Utilities.CodeSettings settings = new Microsoft.Ajax.Utilities.CodeSettings();
settings.RemoveUnneededCode = true;
settings.StripDebugStatements = true;
settings.PreserveImportantComments = false;
settings.TermSemicolons = true;
var minifier = new Microsoft.Ajax.Utilities.Minifier();
content.Append(minifier.MinifyJavaScript(Read(f), settings));
}
return content.ToString();
}
private string Read(FileInfo file)
{
using (var r = file.OpenText())
{
return r.ReadToEnd();
}
}
}
public class StyleBundleBuilder : IBundleBuilder
{
public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<BundleFile> files)
{
var content = new StringBuilder();
foreach (var file in files)
{
FileInfo f = new FileInfo(HttpContext.Current.Server.MapPath(file.VirtualFile.VirtualPath));
Microsoft.Ajax.Utilities.CssSettings settings = new Microsoft.Ajax.Utilities.CssSettings();
settings.CommentMode = Microsoft.Ajax.Utilities.CssComment.None;
var minifier = new Microsoft.Ajax.Utilities.Minifier();
content.Append(minifier.MinifyStyleSheet(Read(f), settings));
}
return content.ToString();
}
private string Read(FileInfo file)
{
using (var r = file.OpenText())
{
return r.ReadToEnd();
}
}
}
然后告诉捆绑包使用这个构建器.此示例适用于 StyleBundle:
And then telling the bundle to use this builder. This example is for a StyleBundle:
public static void RegisterBundles(BundleCollection bundles)
{
var bundle = new StyleBundle("~/Content/themes/base/css");
bundle.Builder = new StyleBundleBuilder();
bundle.Include("~/Content/themes/base/jquery.ui.core.css",
"~/Content/themes/base/jquery.ui.resizable.css",
//etc
);
bundles.Add(bundle);
var scriptBundle = new ScriptBundle("~/bundles/modernizr");
scriptBundle.Builder = new ScriptBundleBuilder();
scriptBundle.Include("~/Scripts/modernizr-*");
bundles.Add(scriptBundle);
BundleTable.EnableOptimizations = true; //for testing
}
这已在 Chrome 中通过将用户代理更改为 Eureka/1.0
进行测试/确认.
This was tested/confirmed in Chrome by changing the user-agent to Eureka/1.0
.
至少对于 Web 优化框架的某些早期版本(我认为是 1.0 和更早版本),唯一的区别是最终参数.所以它看起来像 public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<FileInfo> files)
并且只需要进行微小的更改即可工作......尽管您可能最好只更新.
For at least some previous versions of the Web Optimization framework (1.0 and prior I think), the only difference was the final parameter. So it would look like public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<FileInfo> files)
and requires only minor changes to make work... though you're likely better off just updating.
关于这个问题,有人提出了在最近的另一篇 SO 帖子中关于在缩小过程中如何去除许可信息的问题.. 我制作了 一个 NuGet 包 来解决这些问题.
Concerning this problem and one brought up in another recent SO post about how licensing information gets stripped out during minification... I made a NuGet Package to address these issues.
这篇关于如何防止User-Agent:Eureka/1返回源码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:如何防止User-Agent:Eureka/1返回源码
基础教程推荐
- rabbitmq 的 REST API 2022-01-01
- SSE 浮点算术是否可重现? 2022-01-01
- 如何激活MC67中的红灯 2022-01-01
- MS Visual Studio .NET 的替代品 2022-01-01
- 有没有办法忽略 2GB 文件上传的 maxRequestLength 限制? 2022-01-01
- 将 XML 转换为通用列表 2022-01-01
- 如何在 IDE 中获取 Xamarin Studio C# 输出? 2022-01-01
- c# Math.Sqrt 实现 2022-01-01
- 将 Office 安装到 Windows 容器 (servercore:ltsc2019) 失败,错误代码为 17002 2022-01-01
- 为什么Flurl.Http DownloadFileAsync/Http客户端GetAsync需要 2022-09-30