0

I have a PHP application. It has a login page. From within Chrome, if I do a CTRL-U (view source) within anywhere beyond the login page, I get the login's page HTML.

To the best of my knowledge, I have not implemented any security measure to hide/fudge the HTML.

All my HTML is generated with 'echo' statements. No javascript injection of any kind.

Pressing F12 seems to reveal the correct HTML. It is just too eleboare of a way for when all is required is a simple view source.

Any ideas?

QuesnelJ
  • 35
  • 6
  • [This link](https://stackoverflow.com/questions/41229768/why-does-view-source-issue-a-new-http-request) and [this link (for Firefox, but seems to be relevant)](https://stackoverflow.com/questions/51228872/firefox-view-source-shows-login-page) explains that View Source returns a new uncached request. If the page you're trying to view is behind a login, it won't be authenticated. – aynber Jan 18 '21 at 20:01
  • This makes sense. I never realized that view source caused a new http request. Use to do my development in IE, and it didn't do that. A workaround would be nice. Thanks. – QuesnelJ Jan 18 '21 at 20:34
  • Using the Developer Tools is probably the best way to get around it. If you need to see the page as it was sent to the browser, check the Network tab, and you might be able to get it in the Response tab of the request. – aynber Jan 18 '21 at 20:37

0 Answers0