nginx拒绝访问JS和CSS [英] nginx deny access to JS and CSS
问题描述
我有一个使用nginx背后设置的node.js设置的网页.一切正常,但我想阻止直接公共访问我的css和js文件
I have a webpage set up using node.js set up behind nginx. Everythings work fine, but I would like to block direct public access to my css and js files
在我的Nginx配置中,我有这样的东西:
In my nginx config I have something like this:
location /style/ {
deny all;
}
location /js/ {
deny all;
}
它确实可以正确阻止访问-当我在网页上查看源代码并尝试直接导航到CSS或链接的js文件时,出现403错误.但是,这也会阻止node/nginx正确使用这些文件来设置页面样式/向页面添加功能
It does correctly block access - when I view source on my webpage and try to navigate directly to the css or linked js files I get a 403 error. However, this also prevents node/nginx from being able to correctly use those files to style/add functionality to the page
阻止人们直接访问这些文件而又仍然能够使用它们显示页面本身的正确方法是什么?
What is the correct way to prevent people from directly accessing those files, while still being able to use them to display the page itself?
推荐答案
没有办法.
浏览器可以访问该文件并在页面中使用它,或者根本无法访问该文件.
Either the browser can access the file and use it in the page, or it can't access the file at all.
您可以使用referer请求标头进行尝试,但是您会得到假阴性,并且下载了该页面的人仍然可以访问JS(无论是从缓存还是从JS在其浏览器的开发人员工具"中的脚本"标签中.
You could try using the referer request header, but you'll get false negatives and people who have downloaded the page will have access to the JS anyway (either from the cache or from the Script tab in their browser's Developer Tools).
这篇关于nginx拒绝访问JS和CSS的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
