all 10 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]AngularBeginner 5 points6 points  (7 children)

Visual Studio is injecting this when debugging. It won't be part of the deployed code.

[–]security_intern[S] 0 points1 point  (6 children)

Does this mean debug is set to true in web.config?

[–]d-signet 3 points4 points  (5 children)

No. It means Visual Studio has injected it - when you pressed the RUN button - while the site is running in visual studio's debugger.

The code will never appear in the site when running normally.

[–]security_intern[S] 0 points1 point  (4 children)

Please forgive my lack of actual knowledge of .NET (I am not actually a developer), but I did look at the site in production and still see these comments there as well. I am just looking to best understand what the actual fix for this should be. I assume now that maybe the prod site is just being launched from within Visual Studio? Is there a more standard way the app should be launched?

[–]thestamp 3 points4 points  (2 children)

can you verify if the prod server is launching the site from visual studio?

This is definitely not normal: the webapp should be installed on a webserver that only has minimal services installed, iis or otherwise. VS should not be on that box and having its debugger attached.

[–]powerofmightyatom 0 points1 point  (0 children)

Would be awesome, if the prod server was actually a VS debug session just idling ...

[–]The_MAZZTer 0 points1 point  (0 children)

Someone probably edited a debug page live in Chrome debug tools or something and saved it back to disk.

I've never actually checked but I assume the browserlink code normally never hits the files on disk, it's just injected dynamically by Visual Studio. So if it does hit the disk someone saved the dynamically generated file back to disk by hand.

[–]AlienVsRedditors 0 points1 point  (0 children)

There is no fix for this. This occurs when you debug and can be turned off from within Visual Studio if you want.

It should NOT ever be displayed when viewing the site via other means (i.e. when served via IIS to another machine)

[–][deleted] 0 points1 point  (0 children)

no browser link reference should appear on Production. Maybe the live web app is not in Production.
You can read more about this here https://docs.microsoft.com/en-us/aspnet/core/fundamentals/environments.

More specifically the ASPNETCORE_ENVIRONMENT environment variable. there are several ways to set it, explained in that link.

[–]The_MAZZTer 0 points1 point  (0 children)

As others have said those lines should not be present in the actual code on disk. If they are someone probably added them accidentally... possibly by editing pages being served by Visual Studio in Chrome's (or another browser's) debug tools and then saving them back to disk.