SourceMapSecurity.AspDotNetCore 1.0.0

.NET Core 3.1
dotnet add package SourceMapSecurity.AspDotNetCore --version 1.0.0
NuGet\Install-Package SourceMapSecurity.AspDotNetCore -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="SourceMapSecurity.AspDotNetCore" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add SourceMapSecurity.AspDotNetCore --version 1.0.0
#r "nuget: SourceMapSecurity.AspDotNetCore, 1.0.0"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package.
// Install SourceMapSecurity.AspDotNetCore as a Cake Addin
#addin nuget:?package=SourceMapSecurity.AspDotNetCore&version=1.0.0

// Install SourceMapSecurity.AspDotNetCore as a Cake Tool
#tool nuget:?package=SourceMapSecurity.AspDotNetCore&version=1.0.0

SourceMapSecurity
Easy to use ASP.NET Core middleware for restricting access to JavaScript and CSS source map (.map) files.

This middleware allows you to deploy your source maps to your production environment without worrying about the public from viewing your source maps or debugging JavaScript.

It works by intercepting HTTP requests for .map files and deciding whether or not they should be displayed to the user, depending on your own rules.

Motivations
This project exists because using source maps in production is great, as long as the source map files are protected from public access.

Prerequisites
Your source maps must be external files. This middleware does not help you if you're using inline source maps.
The source map file extensions must end in ".map" (i.e. .js.min.map, .css.min.map, etc.).
(optional) Generate source maps which contain the contents of the original source files, instead of just listing the file paths of the source files and deploying those too. This middleware only protects your source map files, therefore it is highly recommended that you do not deploy your source files separately at all.

Product Versions
.NET net5.0 net5.0-windows net6.0 net6.0-android net6.0-ios net6.0-maccatalyst net6.0-macos net6.0-tvos net6.0-windows net7.0 net7.0-android net7.0-ios net7.0-maccatalyst net7.0-macos net7.0-tvos net7.0-windows
.NET Core netcoreapp3.1
Compatible target framework(s)
Additional computed target framework(s)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.0.0 188 10/26/2021

How to use
All you need to do is add this middleware to your Configure method in the Startup class.

NOTE: The placement of this middleware in your pipeline is important. You need to make sure this it's added before app.UseStaticFiles();, otherwise it will not restrict access to your source map files.

Most basic configuration (no options specified).
// Default options, all clients are forbidden from downloading source maps and by
// default receive a 403 status code.
app.UseSourceMapSecurity();
More advanced configuration
app.UseSourceMapSecurity(new SourceMapSecurityOptions()
{
   // You can modify the HTTP status code returned to the client when they don't have access,
// in case you would rather not show that a resource is there at all.
   DisallowedHttpStatusCode = 404,

   // You can modify this method to determine whether or not source maps should be returned
// to the client, based on their HttpContext.
   // Returning true means source maps are allowed.
   // Returning false means source maps are disallowed.
   // In this example implementation below, source maps are only allowed if you're logged in,
// or in the development environment.
   IsAllowedAsync = async (context) =>
   {
       if (!env.IsDevelopment() && !context.User.Identity.IsAuthenticated)
       {
           return false;
       }
       return true;
   }
});