contents of local server.js.logs exposed after deploying to production #14

vasili-zolotov opened this Issue Dec 22, 2011 · 1 comment


None yet

1 participant


The server.js.logs folder and its contents is clearly visible inside the package (which is just some nested zip files).

On top of that iisnode.exe running in Azure exposes the folder without any regard to the setting in the

Put these two together and you will leak a snapshot of your emulator log when publishing which includes console.log output. Development logs can reveal all sorts of secrets.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment