node.js - How to hide HTML and other Content in EJS and Node -


having tough time doing simple web site in ejs.

i have set in server file:

    //use .html extension instead of having name views *.ejs     server.engine('.html', require('ejs').__express);      // avoids having provide extension res.render()     server.set('view engine', 'html');      //set directory serve css , javascript files     server.use(express.static(__dirname, '/views')); 

this works great. have html files, have graphics, have css. serving simple controller renders page. nothing dynamic in these pages. want them protected id/password system, , served through express.

the access works fine, have end point set serve them. i'm forcing log in in end point. problem is, if knows actual path files, can @ them. so, access localhost:8081/admin/documentation/. however, files @ /views/app_documents. , entering in localhost:8081/views/app_documents/file_name.html, can download/view content, without going through controls. moved content out of views, , grab in code, , serve up, doesn't work images or css.

any suggestions how around this?

well, things find out after fact.

this:

server.use(express.static(__dirname, '/views')); 

is bad. should be:

server.use(express.static('./views')); 

the way was, download our code, also. so, server.js available download. yikes.

live , learn.

still can download content without going through authentication, though.


Comments

Popular posts from this blog

php - regexp cyrillic filename not matches -

c# - OpenXML hanging while writing elements -

sql - Select Query has unexpected multiple records (MS Access) -