How does Facebook disable the browser's integrated Developer Tools?
I'm a security engineer at Facebook and this is my fault. We're testing this for some users to see if it can slow down some attacks where users are tricked into pasting (malicious) JavaScript code into the browser console.
Just to be clear: trying to block hackers client-side is a bad idea in general;
this is to protect against a specific social engineering attack.
If you ended up in the test group and are annoyed by this, sorry.
I tried to make the old opt-out page (now help page) as simple as possible while still being scary enough to stop at least some of the victims.
The actual code is pretty similar to @joeldixon66's link; ours is a little more complicated for no good reason.
Chrome wraps all console code in
with ((console && console._commandLineAPI) || {}) {
<code goes here>
}
... so the site redefines console._commandLineAPI
to throw:
Object.defineProperty(console, '_commandLineAPI',
{ get : function() { throw 'Nooo!' } })
This is not quite enough (try it!), but that's the
main trick.
Epilogue: The Chrome team decided that defeating the console from user-side JS was a bug and fixed the issue, rendering this technique invalid. Afterwards, additional protection was added to protect users from self-xss.
How to disable browser developer tools?
No you cannot do this.
The developer menu is on the client side and is provided by the user's browser.
Also the browser developer should have nothing to do with your server side database code, and if it does, you need some maaaaaajor restructuring.
Preventing users to enter into developers tools
There are keys you can't intercept, and ways into devtools that you can't intercept (e.g., via menus).
If you're tring to protect your code or some such, you just can't, full stop. Anything that goes to the client is accessible to the user.
If you're trying to prevent the user getting themselves into trouble in devtools, you might do what Facebook does, which is output a big bold message to the console warning users not to use it:
Related Topics
How to Make a Promise from Settimeout
Getting Around X-Frame-Options Deny in a Chrome Extension
How to Access Parent Iframe from JavaScript
How to Submit a Form Using JavaScript
JavaScript Setinterval and 'This' Solution
Create Object from Class Name in Javasscript Ecmascript 6
Promise.All Consumes All My Ram
How to Render Components with Different Layouts/Elements Using React-Router-Dom V6
Browsers, Time Zones, Chrome 67 Error (Historic Timezone Changes)
How to Pass Data from a Page to Another Page Using React Router
Long Processing Time Likely Due to Getvalue and Cell Inserts
Node.Js on Multi-Core MAChines
How to Set the Value Property in Angularjs' Ng-Options
How to Get File Extensions with JavaScript
Jquery Load More Data on Scroll