Prevent MVC from using static files like .js, .css, etc.

Question

Prevent MVC from using static files like .js, .css, etc.

I created a web application using MVC5 and only got the most recent result from the ITSec department. I was told not to serve static files like .js, .css, .html, image file, etc. For example: someone hit my site with www.mywebsite.com/Scripts/myjs.js

, it will show the content of the file.

I look around and find what people are offering route.Ignores

, but no luck. So my question is:

How do you achieve this?
Is there a real security risk? (the document I received from the ITSec department is marked as low risk).

+3

javascript security c # asp.net-mvc iis

warheat1990 June 26. At 2:51 am

source to share

1 answer

Kevin Simple · Accepted Answer · 2015-06-26T03:03:53+0000

Mate, Short answer is No, you cannot stop the user to check / see your css / js files, which is simply not possible. Since the browser needs to see your css / js file to render the html, even you hide it in the routing somehow, the user can still see them through the browser easily.

Css / Js files should not contain sensitive / confidential information anyway, this should be how the web page behaves and looks like this, nothing should be with your business logic, at the moment publishing the css / js file should be no risk.

Prevent MVC from using static files like .js, .css, etc.

More articles: