How to prevent User-Agent: Eureka/1 from returning source code

Problem description

An ASP.NET Mono MVC 4 application uses the MVC4 built-in bundling and minification for CSS and JS files.

If the user agent string in the request is changed to Eureka/1 using Fiddler

User-Agent: Eureka/1

and the request is re-issued, the whole source code with all comments is sent to the client.

How can this be prevented so that comments in the source code cannot be inspected by the client?

Source: http://www.codeproject.com/Articles/728146/ASP-NET-MVC-bundles-internals

I tried adding debug='false' to web.config, but the problem persists.

Recommended answer

I was able to remove comments by creating classes that inherit from IBundleBuilder. This is written for Microsoft ASP.NET Web Optimization Framework 1.1.3, which was updated on 2/20/2014:

using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Web;
using System.Web.Optimization;

// Builds script bundle content by minifying every file unconditionally,
// so the output does not depend on the User-Agent of the request.
public class ScriptBundleBuilder : IBundleBuilder
{
    public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<BundleFile> files)
    {
        var content = new StringBuilder();
        foreach (var file in files)
        {
            FileInfo f = new FileInfo(HttpContext.Current.Server.MapPath(file.VirtualFile.VirtualPath));
            Microsoft.Ajax.Utilities.CodeSettings settings = new Microsoft.Ajax.Utilities.CodeSettings();
            settings.RemoveUnneededCode = true;
            settings.StripDebugStatements = true;
            // Drop every comment, including "important" (/*! ... */) ones.
            settings.PreserveImportantComments = false;
            settings.TermSemicolons = true;
            var minifier = new Microsoft.Ajax.Utilities.Minifier();
            content.Append(minifier.MinifyJavaScript(Read(f), settings));
        }

        return content.ToString();
    }

    // Reads the whole file from disk as text.
    private string Read(FileInfo file)
    {
        using (var r = file.OpenText())
        {
            return r.ReadToEnd();
        }
    }
}

// Same approach for style bundles: minify every file and strip all comments.
public class StyleBundleBuilder : IBundleBuilder
{
    public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<BundleFile> files)
    {
        var content = new StringBuilder();
        foreach (var file in files)
        {
            FileInfo f = new FileInfo(HttpContext.Current.Server.MapPath(file.VirtualFile.VirtualPath));
            Microsoft.Ajax.Utilities.CssSettings settings = new Microsoft.Ajax.Utilities.CssSettings();
            // Remove all comments from the CSS output.
            settings.CommentMode = Microsoft.Ajax.Utilities.CssComment.None;
            var minifier = new Microsoft.Ajax.Utilities.Minifier();
            content.Append(minifier.MinifyStyleSheet(Read(f), settings));
        }

        return content.ToString();
    }

    // Reads the whole file from disk as text.
    private string Read(FileInfo file)
    {
        using (var r = file.OpenText())
        {
            return r.ReadToEnd();
        }
    }
}

Then tell the bundle to use this builder. This example is for a StyleBundle:

public static void RegisterBundles(BundleCollection bundles)
{
    var bundle = new StyleBundle("~/Content/themes/base/css");
    // Replace the default builder with the comment-stripping one.
    bundle.Builder = new StyleBundleBuilder();
    bundle.Include("~/Content/themes/base/jquery.ui.core.css",
        "~/Content/themes/base/jquery.ui.resizable.css"
        // etc.
        );
    bundles.Add(bundle);

    var scriptBundle = new ScriptBundle("~/bundles/modernizr");
    scriptBundle.Builder = new ScriptBundleBuilder();
    scriptBundle.Include("~/Scripts/modernizr-*");
    bundles.Add(scriptBundle);

    BundleTable.EnableOptimizations = true; // for testing
}

This was tested/confirmed in Chrome by changing the user-agent to Eureka/1.0.

For at least some previous versions of the Web Optimization framework (1.0 and prior I think), the only difference was the final parameter. So it would look like public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<FileInfo> files) and requires only minor changes to make work... though you're likely better off just updating.

Concerning this problem and one brought up in another recent SO post about how licensing information gets stripped out during minification... I made a NuGet Package to address these issues.
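
A regression check for the behaviour discussed in this thread, as an added example that is not part of the original question or answer: it compares the bundle body served to an ordinary browser with the one served to User-Agent Eureka/1 and reports any comments that survive. The function names, the browser User-Agent string, the 1.5 size ratio and the sample bodies are assumptions made for illustration.

```python
import re
import urllib.request

INSTRUMENTATION_UA = "Eureka/1"  # user agent from the question above
BROWSER_UA = "Mozilla/5.0"       # assumption: stand-in for an ordinary browser

# String literals are matched first so "http://..." inside them is not a comment.
_STR = r'"(?:\\.|[^"\\\n])*"' r"|'(?:\\.|[^'\\\n])*'"
_CSS = re.compile(_STR + r"|(/\*.*?\*/)", re.DOTALL)
_JS = re.compile(_STR + r"|(/\*.*?\*/|//[^\n]*)", re.DOTALL)

def find_comments(body, is_css=False):
    """Return comments left in a bundle body (heuristic: JS regex literals
    that contain // are not parsed and may be reported)."""
    pattern = _CSS if is_css else _JS
    return [m.group(1) for m in pattern.finditer(body) if m.group(1)]

def audit_bundle(normal_body, eureka_body, is_css=False, ratio=1.5):
    """Compare what a browser and Eureka/1 receive; an empty list is a pass.
    ratio is an assumed threshold for 'much larger than the minified body'."""
    findings = []
    comments = find_comments(eureka_body, is_css)
    if comments:
        findings.append("%d comment(s) served to %s, first: %r"
                        % (len(comments), INSTRUMENTATION_UA, comments[0][:60]))
    if len(eureka_body) > ratio * max(len(normal_body), 1):
        findings.append("%s response is %d bytes, browser response is %d"
                        % (INSTRUMENTATION_UA, len(eureka_body), len(normal_body)))
    return findings

def fetch(url, user_agent, timeout=10):
    """Fetch a bundle URL with the given User-Agent header."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")

def audit_url(url, is_css=False):
    """Audit a deployed bundle of your own application."""
    return audit_bundle(fetch(url, BROWSER_UA), fetch(url, INSTRUMENTATION_UA), is_css)

# Constructed sample bodies (not captured from a real site).
MINIFIED_JS = 'function add(a,b){return a+b}var u="http://example.test/x";'
RAW_JS = ('// TODO: drop the legacy branch\nfunction add(a, b) {\n'
          '    /* internal note */\n    return a + b;\n}\n'
          'var u = "http://example.test/x";\n')

if __name__ == "__main__":
    print(audit_bundle(MINIFIED_JS, MINIFIED_JS))  # fixed builder: same body for both
    print(audit_bundle(MINIFIED_JS, RAW_JS))       # default behaviour from the question
```

Running `audit_url` against each bundle path after deployment catches a regression if a bundle is later registered without the custom builder.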
