Home > Net >  Can I hide endpoints and targets from the Network tab in the Developer Tools extension on popular br
Can I hide endpoints and targets from the Network tab in the Developer Tools extension on popular br

Time:12-16

I am developing web in react environment.

I have deployed and logged in, but I have witnessed a 401 being written to console.log when login fails.

POST https://www.hihi.com/auth 401 (Unauthorized) xhr.js:187

If an error message is output in this way, the backend API is exposed, which is very bad for security.

And when I open the Chrome network again, an error message is displayed again.

auth 401    xhr xhr.js:187  395 B   93 ms

I want to make it so that it does not show the Network error message or console.log error output. Is there a library or compiler to make this invisible?

CodePudding user response:

If an error message is output in this way, the backend API is exposed, which is very bad for security.

The backend api's endpoint is always known by the client's browser. It's not possible to hide it. The browser must know it to send the request. For this reason, the browser just tells the user -- through the Developer Console -- what servers and paths it's targeting. Because the browser is open they (Chrome, and Firefox) just provide this information. If they didn't another open browser would or being an open source product, someone would just fork it and make that information available.

Prior to Chrome and the existence of a built in Developer Console there were two methods to get this information: with something like wireshark or the old Web Developer Extension.

  • Related