如何防止 User-Agent: Eureka/1 返回源代码 [英] How to prevent User-Agent: Eureka/1 to return source code

问题描述

ASP.NET Mono MVC 4 应用程序使用 MVC4 内置的 css 和 js 文件的捆绑和缩小.

ASP.NET Mono MVC 4 application uses MVC4 built in bundling and minification for css and js files.

如果使用 fiddler 将请求中的用户代理字符串更改为 Eureka/1

If user agent string in request is changed to Eureka/1 using fiddler

User-Agent: Eureka/1

并重新发出请求，将带有所有注释的完整源代码发送给客户端.

and request is re-issued, whole source code with all comments are sent to client.

如何防止这种情况导致客户端无法检查源代码中的注释?

How to prevent this so that comments in source code code cannot inspected by client ?

来源:http://www.codeproject.com/文章/728146/ASP-NET-MVC-bundles-internals

我尝试将 debug='false' 添加到 web.config 但问题仍然存在.

I tried to add debug='false' to web.config but problem persists.

推荐答案

我能够通过创建从 IBundleBuilder 继承的类来删除注释.这是为 Microsoft ASP.NET Web Optimization Framework 1.1.3 于 2/20/2014 更新:

I was able to remove comments by creating a classes that inherit from IBundleBuilder. This is written for Microsoft ASP.NET Web Optimization Framework 1.1.3 which was updated on 2/20/2014:

public class ScriptBundleBuilder : IBundleBuilder
{
    public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<BundleFile> files)
    {
        var content = new StringBuilder();
        foreach (var file in files)
        {
            FileInfo f = new FileInfo(HttpContext.Current.Server.MapPath(file.VirtualFile.VirtualPath));
            Microsoft.Ajax.Utilities.CodeSettings settings = new Microsoft.Ajax.Utilities.CodeSettings();
            settings.RemoveUnneededCode = true;
            settings.StripDebugStatements = true;
            settings.PreserveImportantComments = false;
            settings.TermSemicolons = true;
            var minifier = new Microsoft.Ajax.Utilities.Minifier();
            content.Append(minifier.MinifyJavaScript(Read(f), settings));
        }

        return content.ToString();
    }

    private string Read(FileInfo file)
    {
        using (var r = file.OpenText())
        {
            return r.ReadToEnd();
        }
    }
} 

public class StyleBundleBuilder : IBundleBuilder
{
    public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<BundleFile> files)
    {
        var content = new StringBuilder();
        foreach (var file in files)
        {   
            FileInfo f = new FileInfo(HttpContext.Current.Server.MapPath(file.VirtualFile.VirtualPath));
            Microsoft.Ajax.Utilities.CssSettings settings = new Microsoft.Ajax.Utilities.CssSettings();
            settings.CommentMode = Microsoft.Ajax.Utilities.CssComment.None;
            var minifier = new Microsoft.Ajax.Utilities.Minifier();
            content.Append(minifier.MinifyStyleSheet(Read(f), settings));
        }

        return content.ToString();
    }

    private string Read(FileInfo file)
    {
        using (var r = file.OpenText())
        {
            return r.ReadToEnd();
        }
    }
} 

然后告诉包使用这个构建器.此示例适用于 StyleBundle:

And then telling the bundle to use this builder. This example is for a StyleBundle:

public static void RegisterBundles(BundleCollection bundles)
{
    var bundle = new StyleBundle("~/Content/themes/base/css");
    bundle.Builder = new StyleBundleBuilder();
    bundle.Include("~/Content/themes/base/jquery.ui.core.css",
        "~/Content/themes/base/jquery.ui.resizable.css",
        //etc
        );
    bundles.Add(bundle);

    var scriptBundle = new ScriptBundle("~/bundles/modernizr");
    scriptBundle.Builder = new ScriptBundleBuilder();
    scriptBundle.Include("~/Scripts/modernizr-*");
    bundles.Add(scriptBundle);

    BundleTable.EnableOptimizations = true; //for testing
}

通过将用户代理更改为 Eureka/1.0，在 Chrome 中对此进行了测试/确认.

This was tested/confirmed in Chrome by changing the user-agent to Eureka/1.0.

至少对于 Web 优化框架的某些早期版本(我认为是 1.0 和更早版本)，唯一的区别是最终参数.所以它看起来像 public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<FileInfo> files) 并且只需要很小的改动就可以工作......尽管你可能最好只更新.

For at least some previous versions of the Web Optimization framework (1.0 and prior I think), the only difference was the final parameter. So it would look like public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<FileInfo> files) and requires only minor changes to make work... though you're likely better off just updating.

关于这个问题，有人在在最近的另一篇 SO 帖子中提到了在缩小过程中许可信息如何被剥离... 我制作了NuGet 包来解决这些问题.

Concerning this problem and one brought up in another recent SO post about how licensing information gets stripped out during minification... I made a NuGet Package to address these issues.

这篇关于如何防止 User-Agent: Eureka/1 返回源代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！