1

I am using ASP.NET Core Web Optimizer. It has cache busting feature that will append a unique string to the end of script or CSS links.

A sample of the appended string is like this: ....script.js?v=8UnFL4zesLGMnNgeUbnu9OOWly7_ES--Qx-E_tWr2NQ

This works well, unfortunately, our corporate firewall does not like this and block this URL as SQL injection... (ok you may laugh out loud..., go ahead). The firewall is Azure WAF.

I know better than fighting the bureaucracy in my company, so is there any way I could customize the algorithm to sidestep this issue?

I imagine, for our intent and purpose, using DateTime.Ticks would be enough, that would also appease the firewall.

Rosdi Kasim
  • 24,267
  • 23
  • 130
  • 154
  • I believe you cannot extend it, because this is how it's defined: https://github.com/ligershark/WebOptimizer/blob/master/src/WebOptimizer.Core/FileVersionProvider.cs#L94. And this class is used directly in `BaseTagHelper` without DI or something like that. So best option is to ask developers to add such possibility, or do that yourself and compile your own version of this library – Evk Nov 06 '20 at 16:13
  • Yea I inspected the code and tried to subclass `Asset` class, unfortunately, it is `internal`. – Rosdi Kasim Nov 06 '20 at 17:44

0 Answers0