node.js - How to hide HTML and other Content in EJS and Node
I'm having a tough time doing a simple web site in EJS.
I have set this in my server file:
// use the .html extension instead of having to name the views *.ejs
server.engine('.html', require('ejs').__express);
// avoids having to provide the extension to res.render()
server.set('view engine', 'html');
// set the directory to serve CSS and JavaScript files
server.use(express.static(__dirname, '/views'));
This works great. I have HTML files, I have graphics, I have CSS. I am serving them with a simple controller that renders the page. Nothing is dynamic in these pages. I want them protected by an id/password system, and served through Express.
The access works fine; I have an endpoint set up to serve them. I'm forcing a login in that endpoint. The problem is, if someone knows the actual path to the files, they can get at them. So, the access is localhost:8081/admin/documentation/. However, the files are at /views/app_documents. And by entering localhost:8081/views/app_documents/file_name.html, they can download/view the content without going through the controls. I moved the content out of views, and grab it in code, and serve it up, but that doesn't work for images or CSS.
Any suggestions on how to get around this?
Well, the things you find out after the fact.
This:
server.use(express.static(__dirname, '/views'));
is bad. It should be:
server.use(express.static('./views'));
The way it was, you could download our code, also. So, server.js was available for download. Yikes.
Live and learn.
I still can download the content without going through authentication, though.