6

In my angular application if I go to dev tools network tab I will be able to see the response and request coming from the back end. Do anyone know how to hide or mask this data, is this possible if I do the server-side rendering?

bharath bhushan
  • 197
  • 1
  • 3
  • 11
  • why do you want to hide?what kind of data are you requesting – Madhawa Priyashantha Mar 01 '19 at 06:54
  • @MadhawaPriyashantha can I know why do you want to know the reason behind Op's requirement? Are there separate masking methods based on the reason for hiding? – Krishna Prashatt Mar 01 '19 at 06:56
  • 1
    @KrishnaPrashatt no but it may be a xy problem.https://meta.stackexchange.com/questions/66377/what-is-the-xy-problem – Madhawa Priyashantha Mar 01 '19 at 06:57
  • 2
    It's pointless to do this, and anyway you can't. If the data is flowing to and from your web application then it's visible to the user potentially. That's just how the web works. Half of it will be data they themselves have entered anyway. If you run your site on HTTPS then the data will private between the browser and the server. I don't know what problem you think you will solve with this idea? Can you explain what the issue is? – ADyson Mar 01 '19 at 06:57
  • 1
    Don't send any data to the client that you don't trust the client to know. – CertainPerformance Mar 01 '19 at 06:58
  • @MadhawaPriyashantha Got it! Thanks for enlightening me – Krishna Prashatt Mar 01 '19 at 06:59
  • While the user is registering and logging in he sends the password in the request and this can be visible in the network tab and in my application auth token is also sent in the request and that is also visible in the network tab and we have a android clint too and they can hide these things very easily. – bharath bhushan Mar 01 '19 at 07:06
  • @MadhawaPriyashantha sites like "justdial" they are hiding the JSON responses only HTML CSS and photos are only visible how are they doing this are they using server-side rendering. – bharath bhushan Mar 01 '19 at 07:15
  • 1
    @bharathbhushan in case use https to avoid man in the middle kind attacks.there is no point of hiding it.if some want they will find it using another tool – Madhawa Priyashantha Mar 01 '19 at 07:16
  • @MadhawaPriyashantha Thank you for the help, using https will encode and decode req and res from the client to server ?. – bharath bhushan Mar 01 '19 at 07:24
  • @bharathbhushan it encrypt data. more details https://stackoverflow.com/questions/6241991/how-exactly-https-ssl-works – Madhawa Priyashantha Mar 01 '19 at 07:27
  • You said "While the user is registering and logging in he sends the password in the request and this can be visible in the network tab and in my application auth token is also sent " ...those things already belong to the user. They typed in the password themselves! The only person who can see the content of the Network tab is the person using the browser, i.e. the user whose password it is! It is not visible outside that. As we said, if you use HTTPS then once the data leaves the browser it is encrypted until it arrives at the server. It cannot be intercepted by anyone else. – ADyson Mar 01 '19 at 07:43
  • Of course that's not to say that data cannot be stolen from a browser session by other malicious actors using things like script injection etc, but that's a separate topic entirely, and has nothing to do with what is visible in the Network tools (or any of the other Developer tools) – ADyson Mar 01 '19 at 07:45
  • Ive tried to summarise in an answer, this is not a strong topic for myself so anyone with a better understanding feel free to post edits. – devDan Mar 01 '19 at 08:01
  • Does this answer your question? [Is it possible to hide network traffic from a browsers developer console?](https://stackoverflow.com/questions/54487643/is-it-possible-to-hide-network-traffic-from-a-browsers-developer-console) – Nico Haase May 05 '23 at 11:20

1 Answers1

7

Requests will be shown.

This cannot be stopped, the application is making requests and this will be logged to the network tab by the browser, as mentioned in the comments, if there are security concenrns you should be handling this a different way. Do not send data to the client that they should not be allowed access to in the first place.

To try and ensure security run over HTTPS on the off chance to data gets intercepted, that way it will not be usable data. Most data, as mentioned in the comments, will be provided by the user. Meaning in should not need to be hidden within the network tab.

Worst case scenario, someone physically sits at their computer and reads what is in the network tab, but this is a scenario that cant be accounted for when developing applications. You could base64 encode data that is being sent to and from so it is less readable to anyone who should see the network tab. Here are some resources to have a look through related to the question.

HTTPS summerised // base64 encode // Angular's security section

devDan
  • 5,969
  • 3
  • 21
  • 40