阻止直接访问js,css文件但允许从index.html访问? [英] Block direct access to js, css file but allow access from index.html?
问题描述
这是我的目录:
- index.html
- data.js
- .htaccess
index.html中的内容:
Content in index.html:
<html>
<body>
<script src="data.js" />
</body>
</html>
我的问题是:
-
我不希望用户通过直接链接看到我的
data.js,例如www.sample.com/data .js
但 data.js 仍允许从 index.html
我在.htaccess中尝试过:
I tried in .htaccess like:
deny from all
或
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule \.(gif|jpg|css|js|png)$ - [F]
但它总是阻止从index.html访问。
But it alway block access from index.html too.
谢谢。
推荐答案
我的提示很容易被绕过,但不小心,我们可能被困。
My tips are easily bypassed, but without be careful, we can be trapped.
你可以替换或rem使用javascript将脚本标记隐藏在页面的实时视图中。但是如果你直接观看网络,你可以很容易地看到javascript文件/代码。
You can replace or remove script tag with javascript for hide this in live view of the page. But if you watch directly the network, you can see easily the javascript file/code.
<div id="RemoveMe0">
<script type="text/javascript">
//This code it is hidden to live view.
var my_var = 5 + 5;
$('#RemoveMe0').remove();
//or document.getElementById("RemoveMe0").innerHTML = "";
</script>
</div>
包括javascript:
For include javascript :
<div id="RemoveMe1">
<script type="text/javascript" src="Javascript/MyJS.js"></script>
<script>
//Your include it is hidden to live view.
$('#RemoveMe1').remove();
</script>
</div>
仅直接查看
将您的文件放入HTML文件(myfile.js到myfile.html),就像在直接视图中一样,您可以执行javascript函数。
Only direct view
Put your files in an HTML file (myfile.js to myfile.html), like this on a direct view you can execute a javascript function.
function Hello() {
alert("Hello");
}
Hello();
//<script>document.body.innerHTML = "";</script>
或者如果您不想重命名文件,可以使用.htaccess文件进行修改文件头。
Or if you don't want to rename your file, you can to use .htaccess file to modify file header.
AddType text/html .js
或者缩小/解析你的JS
你可以使用像这样的工具:
Or minize/parse your JS
You can use tool like this :
- 缩小你的js :这个工具使用eval函数,并试图使你的脚本复杂化。
- Javascript Obfuscator :使初学者的代码复杂化,很容易绕过。
- Google Closure JS编译器:优化,压缩和缩小代码。 这是生产环境的自然工具。
- Javascript to Asm.js
- minize your js : This tool use eval function, and try to complicate your script.
- Javascript Obfuscator : Complicates the code for beginners, it's easy to by-pass.
- Google Closure JS Compiler : Optimize, compress, and minify your code. It is a natural tool for the production environment.
- Javascript to Asm.js
这篇关于阻止直接访问js,css文件但允许从index.html访问?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
