Seriously, the Chrome team just landed a patch that lets sites block "View Source" _right in the middle_ of the Chrome Dev Summit.
(To everyone saying "this is just an enterprise policy": Look at the conversations in the bugs.
Somebody said, to the Chromium team, schools are using Google Forms for testing, and the kids can see the right answers in the forms, so to address that, we want to prevent students from reading source code.
And without an ounce of pushback, without so much as a nod in the direction that this might not be the right solution to this problem, the Chromium team said yes.)
@mhoye still kinda unchill, but this is for a chrome enterprise feature (i.e. business network admins can block users on their network from using view source to get around network blocks), i don't think this lets any website remove view source
Consider platforms like Windows 11 requiring remote login by the user (does ChromeOS do this? IDK). Seems like the remote party would then have some kind of management interface access on the PC.
How eager are these monopolists for enforcing in-browser IP protection schemes?
We should really boycott that browser ... It makes me sick when I see colleagues using it 🤢🤢🤢🤮
@mhoye sites? The patch ( https://chromium.googlesource.com/chromium/src/+/e72fc9b64116bf259e516096fcc60b58ae8ae1b3^!/ ) looks like it’s for admin settings.
And tbh you don’t really need to block view-source: in websites, obfuscation of web content is going strong these days and I wouldn’t be surprised to see broken encryption (à la DRM where you give the decryption keys anyway).
@mhoye @neauoire Just to be clear, this setting appears to be a group policy setting, like for work/school admins to disallow View Source on Chrome on their machine. It's not for any ol' website to block visitors from using View Source. Reading the source it does indeed look like policy setting and not a web API. Of course, I won't be surprised at all if it later ends up being a setting websites can use :P
Tweet from the submitter of the code review: https://twitter.com/ericlaw/status/1457884158391373833
@neauoire @mhoye Ehh, it doesn't worry me; most browsers allow really granular control over various functionality via Group Policy. I actually use it to turn off a bunch of "what's new" update bullshit in Firefox. Fortunately, making an API available to websites themselves is quite different. I'm not really worried by this, but I don't trust Chrome whatsoever anyways and don't use it. I use Firefox kinda reluctantly, for that matter. 😂
@firstname.lastname@example.org This smells like the beginnings of NFTs that can't be yoinked, how long until they take away the context menu entirely? x3
how the fuck do people not think that google has too much control over their lives?
@mhoye how the fuck does anyone who knows better actually use chrome these days?
like yeah sure mozilla isn't great but firefox is still fully-featured and it still *kinda* respects you
@mhoye Now we are all going to write little proxy blobs for every OS that filter the view-source-block header from the requests.
This is so futile.
I can't believe that the Chrome team would go for such a blatant corporate-partners-told-us-to-do-it bullshit.
@mhoye misleading title, but honestly the fact that it was so believable that this was a feature for private users probably says something.
@mhoye, this marks the end of an era.
What next? Have a judge declare CURL and WGET "illegal" hacking tools? And have an option to disable dev tools and a list of "allowed browser extensions". Then "make" everyone a hacker?
This is some coinbro NFT-level stupidity right here.
@mhoye I think its not webpages but for example your school admin which can set that up (unless I misunderstood what URLBlocklist is). Seems to be mostly to swipe shitty quiz pages and web blockers under the rug, see https://bugs.chromium.org/p/chromium/issues/detail?id=895462
@email@example.com Finally! Microsoft and Google can collaborate to ruin the internet instead of splitting their efforts, this is just what the web needed!
@mhoye who does this stop even? people that would click the button can change browser or use a fork, is it literally just to show how evil they are?
I wonder how long until someone develops an add-on that counters it? 🤔
Probably won't be allowed on the Chrome store, though.
@mhoye the utterly ridiculous thing is that they added this to the browser as a *workaround* for incorrectly implemented test sites exposing answers to users instead of doing correct server-side validation :/
This doesn't need to be in the browser. Just fix the damn test sites. (If the test vendor refuses to fix it, well, it's time for a new vendor?)
@kepstin @mhoye this sounds a lot like it could even be related to that court case somewhere in the southern US accusing someone who reported that SSNs were being sent in the HTML of a government webpage and is now getting sued for hacking them. It is dissapointing that web browser developers are so uncritical that they'd unquestioningly implement this when it goes against the core of what the web is.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!