如何prevent的User-Agent:尤里卡/ 1返回源$ C $ C [英] How to prevent User-Agent: Eureka/1 to return source code
问题描述
ASP.NET MVC单4应用程序使用内置的捆绑和缩小的CSS和JS文件MVC4。
ASP.NET Mono MVC 4 application uses MVC4 built in bundling and minification for css and js files.
如果在请求用户代理字符串使用招改为尤里卡/ 1
If user agent string in request is changed to Eureka/1 using fiddler
User-Agent: Eureka/1
和请求重发,整个源$ C $ c。与所有评论都发送到客户端。
and request is re-issued, whole source code with all comments are sent to client.
如何prevent这使源$ C code $ C注释可以通过客户端不检查?
How to prevent this so that comments in source code code cannot inspected by client ?
来源: HTTP://www.codeproject.com /用品/ 728146 / ASP-NET-MVC-包,内部
我试图调试=假添加到的web.config ,但问题仍然存在。
I tried to add debug='false' to web.config but problem persists.
推荐答案
我能够通过创建从 IBundleBuilder 继承一个类来删除注释。这样做是为了的Microsoft ASP.NET Web优化框架1.1.3 写这是更新2014年2月20日:
I was able to remove comments by creating a classes that inherit from IBundleBuilder. This is written for Microsoft ASP.NET Web Optimization Framework 1.1.3 which was updated on 2/20/2014:
public class ScriptBundleBuilder : IBundleBuilder
{
public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<BundleFile> files)
{
var content = new StringBuilder();
foreach (var file in files)
{
FileInfo f = new FileInfo(HttpContext.Current.Server.MapPath(file.VirtualFile.VirtualPath));
Microsoft.Ajax.Utilities.CodeSettings settings = new Microsoft.Ajax.Utilities.CodeSettings();
settings.RemoveUnneededCode = true;
settings.StripDebugStatements = true;
settings.PreserveImportantComments = false;
settings.TermSemicolons = true;
var minifier = new Microsoft.Ajax.Utilities.Minifier();
content.Append(minifier.MinifyJavaScript(Read(f), settings));
}
return content.ToString();
}
private string Read(FileInfo file)
{
using (var r = file.OpenText())
{
return r.ReadToEnd();
}
}
}
public class StyleBundleBuilder : IBundleBuilder
{
public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<BundleFile> files)
{
var content = new StringBuilder();
foreach (var file in files)
{
FileInfo f = new FileInfo(HttpContext.Current.Server.MapPath(file.VirtualFile.VirtualPath));
Microsoft.Ajax.Utilities.CssSettings settings = new Microsoft.Ajax.Utilities.CssSettings();
settings.CommentMode = Microsoft.Ajax.Utilities.CssComment.None;
var minifier = new Microsoft.Ajax.Utilities.Minifier();
content.Append(minifier.MinifyStyleSheet(Read(f), settings));
}
return content.ToString();
}
private string Read(FileInfo file)
{
using (var r = file.OpenText())
{
return r.ReadToEnd();
}
}
}
和则告诉捆绑使用这种生成器。这个例子是一个StyleBundle:
And then telling the bundle to use this builder. This example is for a StyleBundle:
public static void RegisterBundles(BundleCollection bundles)
{
var bundle = new StyleBundle("~/Content/themes/base/css");
bundle.Builder = new StyleBundleBuilder();
bundle.Include("~/Content/themes/base/jquery.ui.core.css",
"~/Content/themes/base/jquery.ui.resizable.css",
//etc
);
bundles.Add(bundle);
var scriptBundle = new ScriptBundle("~/bundles/modernizr");
scriptBundle.Builder = new ScriptBundleBuilder();
scriptBundle.Include("~/Scripts/modernizr-*");
bundles.Add(scriptBundle);
BundleTable.EnableOptimizations = true; //for testing
}
这是测试/通过改变用户代理,以在Chrome证实尤里卡/ 1.0 。
This was tested/confirmed in Chrome by changing the user-agent to Eureka/1.0.
有关网络优化框架(1.0及以前我认为)至少一些previous版本中,唯一的区别是最后一个参数。因此,它看起来像公共虚拟字符串BuildBundleContent(捆绑包,BundleContext的背景下,IEnumerable的&LT; FileInfo的&GT;文件),只需要轻微的变化,使工作...虽然你可能最好只更新。
For at least some previous versions of the Web Optimization framework (1.0 and prior I think), the only difference was the final parameter. So it would look like public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<FileInfo> files) and requires only minor changes to make work... though you're likely better off just updating.
关于这个问题,一个长大的
Concerning this problem and one brought up in another recent SO post about how licensing information gets stripped out during minification... I made a NuGet Package to address these issues.
这篇关于如何prevent的User-Agent:尤里卡/ 1返回源$ C $ C的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
