How to publish only bundled/minified scripts

Question

I have a MVC4 project that is deployed to Azure. The bundling and minification works absolutely fine.

All the script files are in a folder /js which are bundled to /scripts/js

When I publish to Azure using msdeploy, I would like only the bundled/minified script files to be deployed. I don't want anyone getting access to my un-minified scripts by guessing the url.

I understand MVC bundling happens at runtime hence it would require the unbundled files to create the bundles on the fly. This probably needs to be automated with something like grunt maybe?

Want to know what deploy strategy people use in such cases when you dont want to publish unbundled js.

What did you do to solve this? I am having a similar case and want to stop serving files with their url, did you end up using grunt or is there another way? — Bhavin, Mar 31 '15 at 01:44
dint get a solution as such. Using grunt or even web essentials bundling is the way to go i'm thinking. — Yashvit, Apr 01 '15 at 04:35

score 0 · Answer 1 · answered Feb 13 '14 at 11:45

0

using Web Deploy you can set the skip parameter:

http://technet.microsoft.com/en-us/library/dd569089%28WS.10%29.aspx

here's a sample:

http://blog.richardszalay.com/2012/12/18/demystifying-msdeploy-skip-rules/

answered Feb 13 '14 at 11:45

Thiago Custodio

17,332
6
45
90

but how do i minify all the files first? – Yashvit Feb 14 '14 at 04:42
just switch to release mode and build your project or you can create a build definition and use continuos integration to publish your website. – Thiago Custodio Feb 14 '14 at 11:08
since it will publish a release mode, your files will be minified – Thiago Custodio Feb 14 '14 at 11:11
1

No it doesn't minify.. The unminified files go live too. But only the minified files are served. – Yashvit Feb 14 '14 at 15:00

score 0 · Answer 2 · edited May 23 '17 at 12:08

They get your scripts on pageload, so I don't see why them seeing the unminified version should be a big concern, unless maybe you have crazy or offensive comments in your unminified version. Users could use a javascript formatter, like discussed in this SO post to get the minified files back into a readable format.

Though, for your concerns, you could simply drop a web.config file in the deployed /js folder to keep anything from being served up. In my testing, this did not impact minification. Although if you put it in your local folder, you'll have errors bundling in debug mode (since debug mode serves up the individual files and this web.config keeps anything from being served):

<?xml version="1.0"?>
<configuration>
    <system.web>
        <authorization>
            <deny users="*" />
        </authorization>
    </system.web>
</configuration>

Another concern is, depending on how paranoid you are at someone seeing an unminified script, you may have to write your own BundleBuilder class for reasons detailed in How to prevent User-Agent: Eureka/1 to return source code, which reveals how users can see unminified bundles with comments by changing their user-agent.

How to publish only bundled/minified scripts

2 Answers2

Linked