英文:
How to get data in json or download json file from a website created by React?
问题
我使用React创建了一个网站。在网站中,使用 json-loader
导入了一些 JSON 文件。
我想知道访问者是否可以提取/下载这些 JSON 文件。
我尝试使用 Google Developer Tools 以及 React Developer Tool 扩展,但似乎找不到获取 JSON 文件数据的方法。
原因是我只是想测试一下这些 JSON 文件是否可以出于安全原因被外部提取/下载。
英文:
I have created a website using React. In the website, some json files are imported using json-loader
.
I would like to know if the json files can be extracted/downloaded by visitors.
I tried Google Developer Tools along with React Developer Tool extension but can't seem to find a way to get the data of the json files.
The reason is that I just want to test if the json files could be extracted/downloaded externally for security reasons.
答案1
得分: 2
json-loader
模块将一个 json
文件转换为一个模块,该模块被导入到代码中并合并到一个 bundle 中。
如果以这种方式导入 json
文件,它将被视为源代码。
然而,当尝试从 http-server
请求 json
文件作为文件时,实际上是在要求服务器在网站的静态内容中搜索文件。
如果 json
文件未列在静态内容文件夹中,服务器将找不到它。
从安全角度来看,没有任何阻止用户从你的 react
bundle 中下载并提取 json
数据的措施。如果数据是敏感的,不应将其包含在 bundle 中,也不应通过 http-server 公开。为了保护数据,你需要将其保存在后端,并为前端提供一个 API,以请求数据的经过处理或部分不太敏感的部分。
英文:
The json-loader
module converts a json
file into a module that is imported into the code and merged into a bundle.
If you import a json
file in this way, it is treated as a source code.
However, when you try to request a json
file as a file from http-server
, you are asking a server to search for a file within the website's static content.
If json
file is not listed in the static content folder, the server won't be able to find it.
On the other hand, from a security perspective, nothing prevents users from downloading your react
bundle and extracting json
data from it. If the data is sensitive, you shouldn't include it in your bundle nor expose it through your http-server. To protect it, you will have to keep it on the backend and provide the front-end with an API to request the processed/partially less sensitive parts of your data to front-end.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论