[英]How do I prevent Node.js / Express serving up my application's source code?
I never thought this would be a problem with Node.js and Express, but on a crazy whim I decided to type into a browser the location of one of the source files in my Node.js Express project - something like: 我从没想过这会是Node.js和Express的问题,但是我疯狂地想到要在浏览器中键入我的Node.js Express项目中某个源文件的位置 - 类似于:
http://www.mywebsite.com/mynodejsapp/app.js http://www.mywebsite.com/mynodejsapp/app.js
To my extreme horror , my application's source code popped right up, publicly available for all to see. 令我非常恐怖的是 ,我的应用程序的源代码突然出现,公开供所有人查看。
So, that aside: how do I stop it in Node.js / Express? 那么,除此之外:我如何在Node.js / Express中停止它?
My setup code is pretty straightforward: 我的设置代码非常简单:
var app = express();
app.configure(function() {
app.use(express.static('/home/prod/server/app/public'));
});
app.listen(8888);
To clarify, this is what my folder structure looks like: 为了澄清,这就是我的文件夹结构:
/home/prod/server/
/home/prod/server/app.js
/home/prod/server/public/
All sorts of various files that are intended for public access live under /public
. 意图用于公共接入的各种文件的各种生活在
/public
。 All of my server source code lives under /server/
, and my understanding of Express's static folder configuration is that the static folder is the only place that Express happily serves up files from the filesystem from. 我的所有服务器源代码都在
/server/
,我对Express的静态文件夹配置的理解是,静态文件夹是Express愉快地从文件系统提供文件的唯一地方。
Any ideas? 有任何想法吗?
From what you posted it really smells like the URL you entered is served by eg Apache/nginx/... and you did put your node app within the document root. 从你发布的内容来看,它真的闻起来就像你输入的URL是由Apache / nginx / ...提供的,你确实把你的节点应用程序放在了文档根目录中。 The answer is simple in this (and any similar) case:
这个(以及任何类似的)案例的答案很简单:
You never put any of your sourcecode files within the document root or another HTTP-accessible folder. 您永远不会将任何源代码文件放在文档根目录或其他HTTP可访问文件夹中。 In your case,
/home/prod/server/app/public
should contain only client-side stuff (HTML, CSS, Graphics, (minified) client-side JS) and nginx should not have anything above this folder as its document root. 在你的情况下,
/home/prod/server/app/public
应该只包含客户端的东西(HTML,CSS,图形,(缩小的)客户端JS),nginx不应该有任何高于此文件夹的文件根目录。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.