如何防止User

本文介绍了如何防止User-Agent:Eureka/1返回源码的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

ASP.NET Mono MVC 4 应用程序使用 MVC4 内置捆绑和缩小 css 和 js 文件.

ASP.NET Mono MVC 4 application uses MVC4 built in bundling and minification for css and js files.

如果请求中的用户代理字符串使用 fiddler 更改为 Eureka/1

If user agent string in request is changed to Eureka/1 using fiddler

User-Agent: Eureka/1

并重新发出请求，将包含所有注释的整个源代码发送给客户端.

and request is re-issued, whole source code with all comments are sent to client.

如何防止这种情况导致客户端无法检查源代码中的注释?

How to prevent this so that comments in source code code cannot inspected by client ?

来源:www.codeproject/文章/728146/ASP-NET-MVC-bundles-internals

我尝试将 debug='false' 添加到 web.config 但问题仍然存在.

I tried to add debug='false' to web.config but problem persists.

推荐答案

我能够通过创建一个继承自 IBundleBuilder 的类来删除注释.这是为 Microsoft ASP.NET Web 优化框架 1.1.3 于 2014 年 2 月 20 日更新:

I was able to remove comments by creating a classes that inherit from IBundleBuilder. This is written for Microsoft ASP.NET Web Optimization Framework 1.1.3 which was updated on 2/20/2014:

public class ScriptBundleBuilder : IBundleBuilder { public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<BundleFile> files) { var content = new StringBuilder(); foreach (var file in files) { FileInfo f = new FileInfo(HttpContext.Current.Server.MapPath(file.VirtualFile.VirtualPath)); Microsoft.Ajax.Utilities.CodeSettings settings = new Microsoft.Ajax.Utilities.CodeSettings(); settings.RemoveUnneededCode = true; settings.StripDebugStatements = true; settings.PreserveImportantComments = false; settings.TermSemicolons = true; var minifier = new Microsoft.Ajax.Utilities.Minifier(); content.Append(minifier.MinifyJavaScript(Read(f), settings)); } return content.ToString(); } private string Read(FileInfo file) { using (var r = file.OpenText()) { return r.ReadToEnd(); } } } public class StyleBundleBuilder : IBundleBuilder { public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<BundleFile> files) { var content = new StringBuilder(); foreach (var file in files) { FileInfo f = new FileInfo(HttpContext.Current.Server.MapPath(file.VirtualFile.VirtualPath)); Microsoft.Ajax.Utilities.CssSettings settings = new Microsoft.Ajax.Utilities.CssSettings(); settings.CommentMode = Microsoft.Ajax.Utilities.CssComment.None; var minifier = new Microsoft.Ajax.Utilities.Minifier(); content.Append(minifier.MinifyStyleSheet(Read(f), settings)); } return content.ToString(); } private string Read(FileInfo file) { using (var r = file.OpenText()) { return r.ReadToEnd(); } } }

然后告诉捆绑包使用这个构建器.此示例适用于 StyleBundle:

And then telling the bundle to use this builder. This example is for a StyleBundle:

public static void RegisterBundles(BundleCollection bundles) { var bundle = new StyleBundle("~/Content/themes/base/css"); bundle.Builder = new StyleBundleBuilder(); bundle.Include("~/Content/themes/base/jquery.ui.core.css", "~/Content/themes/base/jquery.ui.resizable.css", //etc ); bundles.Add(bundle); var scriptBundle = new ScriptBundle("~/bundles/modernizr"); scriptBundle.Builder = new ScriptBundleBuilder(); scriptBundle.Include("~/Scripts/modernizr-*"); bundles.Add(scriptBundle); BundleTable.EnableOptimizations = true; //for testing }

这已在 Chrome 中通过将用户代理更改为 Eureka/1.0 进行测试/确认.

This was tested/confirmed in Chrome by changing the user-agent to Eureka/1.0.

至少对于 Web 优化框架的某些早期版本(我认为是 1.0 和更早版本)，唯一的区别是最终参数.所以它看起来像 public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<FileInfo> files) 并且只需要进行微小的更改即可工作......尽管您可能最好只更新.

For at least some previous versions of the Web Optimization framework (1.0 and prior I think), the only difference was the final parameter. So it would look like public virtual string BuildBundleContent(Bundle bundle, BundleContext context, IEnumerable<FileInfo> files) and requires only minor changes to make work... though you're likely better off just updating.

关于这个问题，有人提出了在最近的另一篇 SO 帖子中关于在缩小过程中如何去除许可信息的问题.. 我制作了 一个 NuGet 包 来解决这些问题.

Concerning this problem and one brought up in another recent SO post about how licensing information gets stripped out during minification... I made a NuGet Package to address these issues.