我如何在django上运行javascript而不曝光静态文件?
在我的Django网站上,我使用Stripe将付款集成在.js文件中。
我注意到,当您在任何浏览器上“检查元素”时,此文件都会出现在开发人员工具中的源中。任何人都可以访问此文件(可怕)。
我如何重组我的文件组织,以便apple-pay.js不是公开面对的?
home.html
{% load static %}
<!DOCTYPE html>
<html>
<head>
// Scripts for CSS and Stripe Pay
</head>
<body>
<section>
<div id="payment-request-button" data-amount="{{event.price}}" data-label=".
{{event.public_name}}">
<!-- A Stripe Element will be inserted here if the browser supports this type of payment method. -->
</div>
<div id="messages" role="alert"></div>
</section>
</body>
</html>
Apple-pay.js
document.addEventListener('DOMContentLoaded', async () => {
const stripe = Stripe('pk_mykeyishere'); //need to protect this information and the other functions from bad actors
///functions I run here
});
我的文件结构:
├── Procfile
├── README.md
├── db.sqlite3
├── interface
│ ├── migrations
│ ├── models.py
│ ├── static
│ │ ├── apple-developer-merchantid-domain-association
│ │ └── interface
│ │ ├── apple-pay.js <------------------
│ │ ├── CSS/other JS files
│ ├── templates
│ │ └── interface
│ │ ├── home.html <-------------------
│ ├── urls.py
│ └── views.py
├── manage.py
└── AppName
├── settings.py
├── urls.py
└── wsgi.py
On my Django site, I used Stripe to integrate payments in a .js file.
I noticed that this file appears under Sources in the developer tools when you "Inspect Element" on any browser. Anyone can access this file (scary).
How can I restructure my file organization so that apple-pay.js is not public facing?
home.html
{% load static %}
<!DOCTYPE html>
<html>
<head>
// Scripts for CSS and Stripe Pay
</head>
<body>
<section>
<div id="payment-request-button" data-amount="{{event.price}}" data-label=".
{{event.public_name}}">
<!-- A Stripe Element will be inserted here if the browser supports this type of payment method. -->
</div>
<div id="messages" role="alert"></div>
</section>
</body>
</html>
apple-pay.js
document.addEventListener('DOMContentLoaded', async () => {
const stripe = Stripe('pk_mykeyishere'); //need to protect this information and the other functions from bad actors
///functions I run here
});
My file structure:
├── Procfile
├── README.md
├── db.sqlite3
├── interface
│ ├── migrations
│ ├── models.py
│ ├── static
│ │ ├── apple-developer-merchantid-domain-association
│ │ └── interface
│ │ ├── apple-pay.js <------------------
│ │ ├── CSS/other JS files
│ ├── templates
│ │ └── interface
│ │ ├── home.html <-------------------
│ ├── urls.py
│ └── views.py
├── manage.py
└── AppName
├── settings.py
├── urls.py
└── wsgi.py
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您无法从浏览器用户隐藏JavaScript代码,只能缩小和/或遮盖它,以使人们更难阅读和理解。
Stripe集成不需要您将敏感数据放入任何JavaScript文件中。您应该在服务器端使用该数据。
You cannot hide JavaScript code from browser users, you can only minify and/or obscure it to make it harder for people to read and understand.
Stripe integration does not require you to put sensitive data into any JavaScript file. You should use that data on the server-side.