-1

I have registered bundles in Global.asax.cs file. When I enter my domain name with bundles path in browser, I am able to view minified js,css content in browser. How to hide contents from external viewing which are added in bundles. Below URL should not display any content in the browser. Any suggestion please.

https://examplewebsite.com/website/bundles/jscode

public static void RegisterBundles(BundleCollection bundles)
        {
bundles.Add(new ScriptBundle("~/bundles/jscode").Include(
           "~/Scripts/UIScripts/Module1/MainCode1.js",
           "~/Scripts/UIScripts/Module2/MainCode2.js",
           "~/Scripts/UIScripts/Module3/MainCode3.js"
           ));
}
Tech Learner
  • 1,227
  • 6
  • 24
  • 59
  • 2
    What do you mean _restrict contents_? –  Sep 26 '17 at 07:46
  • @Stephen Muecke - When I hit given URL in the browser it should not display js(javascript) contents in the browser. – Tech Learner Sep 26 '17 at 07:47
  • 1
    What does it matter? (they are visible in any web page the user navigates to that includes that bundle) –  Sep 26 '17 at 07:48
  • That's impossible. How do you expect the browser to the run the js if it can't access it. – Liam Sep 26 '17 at 07:48
  • If your putting security in your js then this is a bad idea FYI. – Liam Sep 26 '17 at 07:48
  • If you think that you need to restrict users, to view js content in browser, then change your code/project, this is wrong solution. – SᴇM Sep 26 '17 at 07:51
  • I just want to restrict external viewing only. – Tech Learner Sep 26 '17 at 07:52
  • @Ask_SO you can't tell browser to get your js files privately and show users only its working part. – SᴇM Sep 26 '17 at 07:53
  • 1
    Why? It makes no sense to do this it add's no benefit whatsoever and more to the point, you can't do it. *you can't tell browser to get your js files privately* no – Liam Sep 26 '17 at 07:53
  • I have added one more URL. If I am able to view the code directly then it is security concern right? – Tech Learner Sep 26 '17 at 07:58
  • @Ask_SO. What security concern? –  Sep 26 '17 at 08:00
  • @Stephen Muecke-- In case , If we use session variable in js file it is vulnerable to attack right? – Tech Learner Sep 26 '17 at 08:02
  • Why would you be using a `Session` variable? And how would you do that anyway considering its an external js file (razor code is not parsed in external files) –  Sep 26 '17 at 08:05
  • @Ask_SO You want browser should read the content but external users should not view the content. Is this your expectation? – Tech Learner Sep 26 '17 at 08:07
  • @G01 - Exactly. When I hit direct url, browser should not display contents. – Tech Learner Sep 26 '17 at 08:08
  • Possible duplicate of [How do I hide javascript code in a webpage?](https://stackoverflow.com/questions/6869312/how-do-i-hide-javascript-code-in-a-webpage) – SᴇM Sep 26 '17 at 08:13

2 Answers2

1

Your bundles are nothing more than JavaScript files.

They need to be public and accessible so that the browser can download and execute them. As such you cannot protect them from being viewed. You can minify them, but you can't stop them from being seen.

Andrei Dragotoniu
  • 6,155
  • 3
  • 18
  • 32
1

for enable bundle BundleTable.EnableOptimizations = true; and disable bundle BundleTable.EnableOptimizations = false;

With enable bundle of the files available, but with a lot of complexity

 public static void RegisterBundles(BundleCollection bundles)
    {
    bundles.Add(new ScriptBundle("~/bundles/Filter").Include(
               "~/Scripts/UIScripts/Module1/MainFilter1.js",
               "~/Scripts/UIScripts/Module2/MainFilter2.js",
               "~/Scripts/UIScripts/Module3/MainFilter3.js"
               ));
    BundleTable.EnableOptimizations = true;
    }
Farhad Bagherlo
  • 6,725
  • 3
  • 25
  • 47
  • This has nothing at all to do with the question, and certainly does not prevent the user navigating to the bundle. –  Sep 27 '17 at 00:26