Prevent MVC from using static files like .js, .css, etc.
I created a web application using MVC5 and only got the most recent result from the ITSec department. I was told not to serve static files like .js, .css, .html, image file, etc. For example: someone hit my site with www.mywebsite.com/Scripts/myjs.js
, it will show the content of the file.
I look around and find what people are offering route.Ignores
, but no luck. So my question is:
- How do you achieve this?
- Is there a real security risk? (the document I received from the ITSec department is marked as low risk).
source to share
Mate, Short answer is No, you cannot stop the user to check / see your css / js files, which is simply not possible. Since the browser needs to see your css / js file to render the html, even you hide it in the routing somehow, the user can still see them through the browser easily.
Css / Js files should not contain sensitive / confidential information anyway, this should be how the web page behaves and looks like this, nothing should be with your business logic, at the moment publishing the css / js file should be no risk.
source to share