How to prevent the js file to be browser or direct access by url ?

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

Please do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.

This forum is for discussing mojoPortal development

This forum is only for questions or discussions about working with the mojoPortal source code in Visual Studio, obtaining the source code from the repository, developing custom features, etc. If your question is not along these lines this is not the right forum. Please try to post your question in the appropriate forum.

You can monitor commits to the repository from this page. We also recommend developers to subscribe to email notifications in the developer forum as occasionally important things are announced.

Before posting questions here you might want to review the developer documentation.

Do not post questions about design, CSS, or skinning here. Use the Help With Skins Forum for those questions.
This thread is closed to new posts. You must sign in to post in the forums.
10/21/2015 8:04:34 AM
Gravatar
Total Posts 48

How to prevent the js file to be browser or direct access by url ?

Hi , 

Any solution to prevent direct access or view of js in mojoportal ? e.g https://mojoportaldemo.com/Data/Sites/1/skins/28thpara/script.js

By typing the url , the browser will show the js script. Any best way to access denier the browse ? 

I have try add below in web.webserver, but it not working. 

<rewrite>
            <rules>
                <rule name="Prevent direct access" enabled="true" stopProcessing="true">
                  <match url=".*\.(js)$" />
                  <conditions>
                        <add input="{HTTP_REFERER}" negate="true" pattern="^$" />
                        <add input="{HTTP_REFERER}" negate="true" pattern="http://localhost:2050/.*" />
                  </conditions>
                  <action type="Rewrite" url="/blocking.jpg" />
                </rule>
            </rules>
        </rewrite>
 

Any best solution ? 

 

thanks 

10/21/2015 11:27:09 AM
Gravatar
Total Posts 1188
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

Re: How to prevent the js file to be browser or direct access by url ?

Sorry, but given how the Web works, you cannot truly hide anything from a user that is delivered to a browser. The best you could do is to obfuscate the JavaScript, if that's important to you.

10/21/2015 11:46:56 AM
Gravatar
Total Posts 48

Re: How to prevent the js file to be browser or direct access by url ?

Yes, but can we prevent user to direct access to js by typing the url ? 

When user type the url e.g https://mojoportaldemo.com/Data/Sites/1/skins/28thpara/script.js , the script will show on the browser. 

can we have some control when user type in the url of js script, we can direct to a access denied page ? 

thanks 

10/21/2015 4:26:16 PM
Gravatar
Total Posts 1188
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

Re: How to prevent the js file to be browser or direct access by url ?

What you need to understand is that the entire premise of HTTP is that there is complete separation between servers and clients. Servers see only individual incoming HTTP requests and serve them up to the requesting IP address. They don't understand how a web page is constructed, and they have no knowledge of how a client is making a particular request for a resource. So to the server, a resource (let's say MySecret.js) is served to a client the exact same way in each of these scenarios, and the server will not see any difference between them:

  • MySecret.js loaded within an HTML document in a browser
  • MySecret.js loaded within an ASPX page in a browser
  • MySecret.js called by a separate JavaScript program on another server
  • MySecret.js called by a Java program running in a smart light bulb
  • MySecret.js typed directly into the URL bar of a browser

Even if you could somehow lock down a JavaScript file to only be called from within an ASPX page (for example), for performance the browser will end up caching that JavaScript file, so it would be trivial to find it within the browser cache on the user's hard drive.

In short, if the JavaScript file is intended to be executed within browsers, by definition it has to be 100% available for a user of that browser to read.

You must sign in to post in the forums. This thread is closed to new posts.