ASP.NET MVC 应用程序页面包含订单标题和订单行。使用了 jquery、jqgrid、jqueru ui 和一些 jqueru ui 插件。所有 js 文件都编译为单个缩小文件 default.js
资源从 ASP .NET MVC 应用程序树中的 ASP.NET 标准脚本、内容和主题子目录加载。
在 Chrome 浏览器中运行审核提出了使静态资源可缓存且不使用 cookie 的建议。
对于第一个审计问题,Mono 似乎禁用了缓存控制。响应标头如下所示:
Cache-Control:private
Connection:Keep-Alive
Date:Sun, 07 Oct 2012 19:38:15 GMT
Keep-Alive:timeout=15, max=97
Server:Apache
对于第二个问题,浏览器似乎为 css 文件和图像发送 cookie:
Connection:keep-alive
Cookie:ASP.NET_SessionId=8E6FF8F8BAE86246BF49C1C5; .MyAuth=fDmFg9sG5ZfQBCwcgOpdrgSH/OcY5+xVyL9XJko1SwObAZcMQbZyNYz4JZ7fTZLBNVhjw23LuKrBiYqM5G0lccXUxkK/S37rToQfmBR4JfmlVTBT; .MyRoles=
如何解决这些问题?最好保留 ASP.NET 应用程序目录结构并提供应用程序子目录中的所有文件
Chrome 审核结果为:
Leverage browser caching (16)
The following resources are explicitly non-cacheable. Consider making them cacheable if possible:
Detail
jquery-ui-1.8.12.custom.css
ui.jqgrid.css
Site.css
default.js
ui-bg_inset-hard_100_fcfdfd_1x100.png
ui-bg_flat_55_fbec88_40x100.png
ui-bg_glass_95_fef1ec_1x400.png
ui-bg_gloss-wave_55_5c9ccc_500x100.png
DokG.png
ui-bg_inset-hard_100_f5f8f9_1x100.png
ui-bg_glass_85_dfeffc_1x400.png
ui-icons_6da8d5_256x240.png
ui-bg_flat_0_aaaaaa_40x100.png
ui-icons_d8e7f3_256x240.png
ui-icons_469bdd_256x240.png
Serve static content from a cookieless domain (14)
2.53KB of cookies were sent with the following static resources. Serve these static resources from a domain that does not set cookies:
jquery-ui-1.8.12.custom.css
ui.jqgrid.css
Site.css
ui-bg_inset-hard_100_fcfdfd_1x100.png
ui-bg_flat_55_fbec88_40x100.png
ui-bg_glass_95_fef1ec_1x400.png
ui-bg_gloss-wave_55_5c9ccc_500x100.png
DokG.png
ui-bg_inset-hard_100_f5f8f9_1x100.png
ui-bg_glass_85_dfeffc_1x400.png
ui-icons_6da8d5_256x240.png
ui-bg_flat_0_aaaaaa_40x100.png
ui-icons_d8e7f3_256x240.png
ui-icons_469bdd_256x240.png