I never thought this would be a problem with Node.js and Express, but on a crazy whim I decided to type into a browser the location of one of the source files in my Node.js Express project - something like:
我从没想过这会是Node.js和Express的问题,但是我疯狂地想到要在浏览器中输入我的Node.js Express项目中一个源文件的位置 - 类似于:
http://www.mywebsite.com/mynodejsapp/app.js
http://www.mywebsite.com/mynodejsapp/app.js
To my extreme horror, my application's source code popped right up, publicly available for all to see.
令我极为恐惧的是,我的应用程序的源代码突然出现,公开供所有人查看。
So, that aside: how do I stop it in Node.js / Express?
那么,除此之外:我如何在Node.js / Express中停止它?
My setup code is pretty straightforward:
我的设置代码非常简单:
var app = express();
app.configure(function() {
app.use(express.static('/home/prod/server/app/public'));
});
app.listen(8888);
To clarify, this is what my folder structure looks like:
为了澄清,这就是我的文件夹结构:
/home/prod/server//home/prod/server/app.js/home/prod/server/public/
/ home / prod / server / /home/prod/server/app.js / home / prod / server / public /
All sorts of various files that are intended for public access live under /public. All of my server source code lives under /server/, and my understanding of Express's static folder configuration is that the static folder is the only place that Express happily serves up files from the filesystem from.
用于公共访问的各种各种文件都位于/ public下。我的所有服务器源代码都在/ server /下,我对Express的静态文件夹配置的理解是,静态文件夹是Express愉快地从文件系统提供文件的唯一地方。
Any ideas?
有任何想法吗?
1 个解决方案
#1
10
From what you posted it really smells like the URL you entered is served by e.g. Apache/nginx/... and you did put your node app within the document root. The answer is simple in this (and any similar) case:
根据您发布的内容,您输入的网址实际上就像您输入的网址一样。 Apache / nginx / ...并且您确实将节点应用程序放在文档根目录中。这个(以及任何类似的)案例的答案很简单:
You never put any of your sourcecode files within the document root or another HTTP-accessible folder. In your case, /home/prod/server/app/public should contain only client-side stuff (HTML, CSS, Graphics, (minified) client-side JS) and nginx should not have anything above this folder as its document root.
您永远不会将任何源代码文件放在文档根目录或其他HTTP可访问文件夹中。在你的情况下,/ home / prod / server / app / public应该只包含客户端的东西(HTML,CSS,图形,(缩小的)客户端JS),而nginx不应该有任何高于此文件夹的文件根目录。
#1
10
From what you posted it really smells like the URL you entered is served by e.g. Apache/nginx/... and you did put your node app within the document root. The answer is simple in this (and any similar) case:
根据您发布的内容,您输入的网址实际上就像您输入的网址一样。 Apache / nginx / ...并且您确实将节点应用程序放在文档根目录中。这个(以及任何类似的)案例的答案很简单:
You never put any of your sourcecode files within the document root or another HTTP-accessible folder. In your case, /home/prod/server/app/public should contain only client-side stuff (HTML, CSS, Graphics, (minified) client-side JS) and nginx should not have anything above this folder as its document root.
您永远不会将任何源代码文件放在文档根目录或其他HTTP可访问文件夹中。在你的情况下,/ home / prod / server / app / public应该只包含客户端的东西(HTML,CSS,图形,(缩小的)客户端JS),而nginx不应该有任何高于此文件夹的文件根目录。