I'm working on a web app and came to the point where I serve the static css and JS files. In these files I refer like this:
<script type="text/javascript" src="/tmpfiles/js/app2.js"></script>
On the server side I have something like this:
router.PathPrefix("/tmpfiles/").Handler(http.StripPrefix("/tmpfiles/", http.FileServer(http.Dir("."))))
Anybody who has basic knowledge of navigating through directories can see the source code. How do I hide these files and make my application secure?
When you do this:
http.FileServer(http.Dir("."))
You are telling it to serve files from the current directory (where all your source code lives).
What I typically do is have a folder /public, where any static, web accessible files will live. Then you can do:
router.PathPrefix("/tmpfiles/").Handler(
http.StripPrefix("/tmpfiles/", http.FileServer(http.Dir("./public"))))
Which will remove the /tmpfiles/ from the url, and then serve that file from the public directory.