Reputation: 1701
Can user see the fetched documents using devtools?
If I am fetching user documents to just show profile Image to the unauthorized user. Will he somehow be able to see the whole document using dev tools.
Upvotes: 0
Views: 30
Answers (2)
Reputation: 188
Yes. Ctrl+Shift+I, Network tab - there is all communication Client/Server. Also you can switch between subtabs in order to categorize them resorce types.
Upvotes: 0
Reputation: 4819
Yes, in Chrome you can see all network requests and their response data in the devtools network tab.
As said before in the comments, an user can see all communication between him and the server.
The frontend shouldn't be responsible for securing the backend, the backend should never send data in a response that the user isn't authorized for in the first place.
Upvotes: 2
Related Questions
- Preventing Users to view my JavaScript source file
- Can a Website owner see if I run custom Javascript in DevTools
- Can a user see all the files in my website?
- hide files from inspect element?
- How to prevent show xml content in Chrome's devtool?
- Google docs viewer with files requiring authorization?
- Secure javascript code from being executed by dev tools (Firebase)
- Viewing user defined DOM propeties in native dev tools
- Is there any Method which could determine if user has access to document?
- Is it generally safe that people can view your js files