ansaurus

Question

Is it safe to have tell Apache server to handle .js and .css files as PHP?

Answer 1

A:

As long as the .css and .js files that are linked are on a different server it should be safe. All you're telling apache to do is treat .css and .js files as php for the files it serves itself.

John Weldon 2009-06-11 22:45:07

Answer 2

+3 A:

It's not common, by default Apache treats .js and .css files as static files, meaning it does not do any extra processing, it just sends them.

You can configure apache to funnel files of any extension through some kind of program(such as PHP), but it is uncommon for images, css, and other static files.

Kekoa 2009-06-11 22:46:28

Answer 3

+4 A:

It's not unsafe, unless you're allowing users to upload css/js files.

meridimus 2009-06-11 22:48:51

+1. It's probably not going to be an issue for most files, but it could have unintended consequences on the off chance one of your js/css files happens to include the string '<?php' or even just '<?' if you have short tags on.While you can ensure that this won't happen in your own files, if you're using a 3rd party library like YUI, all bets are off. Additionally, you're introducing some pretty serious overhead when it comes to serving those files. As such, while you *probably* won't get into trouble doing this, it's still not advisable.

Frank Farmer 2009-06-12 00:47:48

Answer 4

+10 A:

For dynamic CSS and Javascript you dont' always have to have them in .js or .css files. What you can do there is actually link to a PHP script that generates them so that all other .js and .css files that aren't dynamic aren't parsed by PHP. Generally it is a bad idea to run everything, especially media files, through an app server/dynamic parsing unless absolutely necessary (same goes for .net, RoR, Django etc).

<link rel="stylesheet" type="text/css" href="mycss.css"/>

browser treats the same as:

<link rel="stylesheet" type="text/css" href="mydynamiccss.php?param=somevalue" /> // this one would be dynamic on params, location or something else maybe colors etc.

You can also take dynamic js or css and push it through rewrite so it does have the correct extension but it is actually a php file that is dynamic as well if you don't want your links and script tags to have incorrect extensions.

Ryan Christensen 2009-06-11 22:50:54

Gabe Moothart 2009-06-11 22:55:34

If you are creating javascript or css w/PHP, be sure to set header("Content-type: application/javascript") or header("Content-type: text/css"). Otherwise the browser may not recognize it correctly.

ruquay 2009-06-12 14:28:06

Answer 5

+2 A:

A big problem with this is that it would seriously hamper the ability of Apache to guide caching headers - it treats static files as much more readily cacheable than php files.

I would certainly never do this. I might also question why they are autogenerating javascript in such a large quantity. This answer is much more viable as a method of customising javascript behaviour.

Kazar 2009-06-11 22:52:04

ansaurus

tags:

views:

answers:

Is it safe to have tell Apache server to handle .js and .css files as PHP?

related questions