Rank: Advanced Member
Groups: Developers
Joined: 11/7/2018(UTC)
Posts: 289
Thanks: 21 times
Was thanked: 5 time(s) in 5 post(s)
|
Why do pages like the following show up in users Page Views? I don't even know how to navigate to that page?
/Themes/YE/JS?v=CoYroDsvcBYmvjarqyk7KOIWCxz4p45Y4d8QrFcXhJU1
|
|
|
|
|
|
Rank: Administration
Groups: Admin, Administrators, HelpDesk, System, Authorized User, Developers, Registered
Joined: 10/5/2018(UTC)
Posts: 175
Thanks: 8 times
Was thanked: 17 time(s) in 15 post(s)
|
Page tracking is logging any server side resource requested when a user visits the page. It means that its logging any communication that page is doing in background against user request. The URL that you mentioned above is the minified script includes for theme that page is using. UPDATE: We need to update the page tracking to void theme script/styles from tracking. Edited by user Friday, November 13, 2020 8:01:44 AM(UTC)
| Reason: Not specified
|
|
|
|
|
|
Rank: Advanced Member
Groups: Developers
Joined: 11/7/2018(UTC)
Posts: 289
Thanks: 21 times
Was thanked: 5 time(s) in 5 post(s)
|
Thanks. There are a lot for _ItemAddedNotify also. The page views registered should be just meaningful ones.
While we're talking about _ItemAddedNotify, we have a site that slowed down because someone kept hitting https://xxx/Checkout/_ItemAddedNotify?allowDisplay=true, among other pages and efforts at sql injection on those pages. Is there any way you can prevent partial views from being displayed in the browser? Navigating to it displays {"hideNotifier":true}. Accepted wisdom in Google says things like "If the file name starts with an underscore IIS will not serve it directly.".
I did run across this and am posting it here so I'll have some place to find it later:https://forums.asp.net/t/1985464.aspx?Prevent+Access+to+Partial+View+from+URL
|
|
|
|
|
|
Rank: Administration
Groups: Admin, Administrators, HelpDesk, System, Authorized User, Developers, Registered
Joined: 10/5/2018(UTC)
Posts: 175
Thanks: 8 times
Was thanked: 17 time(s) in 15 post(s)
|
Thanks for the feedback, I opened a discussion in our logs related to tracking only the meaningful page visits. Regarding your point about preventing the direct access to partial actions, this would need some research. I see the point that you made, keep in mind that both GET/POST request are made to these partial actions so preventing direct access would need not to break dependent features. We will look into your suggestion and if we can limit the exposure of partial actions. I just noticed that you linked a resource from asp.net forums As explained in this thread, in MVC we are not giving direct access on view files, instead its the action name that you see in URL. Basically the URL is not a file so IIS won't be able to intercept. I am aware of about the use of ChildActionAttribute but that would not allow to make ajax get requests. Similarly, using AjaxOnly attribute will limit the use of partial actions to ajax context only. Edited by user Tuesday, November 17, 2020 2:57:48 AM(UTC)
| Reason: Not specified
|
|
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.
Important Information:
The AbleCommerce Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies.
More Details
Close
