[thelist] [SPAM] how to prevent hotlinking of JS files (ASP.NET)

Anthony Baratta anthony at baratta.com
Wed May 31 11:19:39 CDT 2006

One way is to create a wrapper ASPX page. e.g. javascript.aspx which checks the referrer (blank or your own domain) and if passes grabs the real JS file and streams that to the browser. You can then name the hidden JS file to anything you want, making random guessing pretty hard.

YourJS link would look this:

[script language="javascript" type="text/javascript" src="/scripts/leachproof.aspx"][/script]

Make sure you set the mime type to text/javascript when you send the JS file back to the browser.

P.S. You could use one wrapper script and pass a queryString to the wrapper to pick which file you wanted:

[script language="javascript" type="text/javascript" src="/scripts/leachproof.aspx?src=Main"][/script]
[script language="javascript" type="text/javascript" src="/scripts/leachproof.aspx?src=Secondary"][/script]

Hope that helps.

More information about the thelist mailing list