Restriction Option for the Web Viewer Plugin

Use case or problem

The introduction of a built-in web browser (Web Viewer Core plugin) in Obsidian has created an unrestricted gateway to the internet. Unlike standalone browsers, this feature bypasses system-wide content filters such as Apple’s Screen Time, which many users rely on for personal accountability and parental controls.

As a former porn addict and a concerned parent, I use these restrictions to maintain a safe and focused digital environment. While Obsidian is primarily a note-taking tool, this new browser changes its nature, introducing internet access without any built-in safeguards. Previously, there was little reason to worry about Obsidian from a filtering standpoint - now, that has changed. I know some access could be achieved through canvas/iframes etc., but even this wasn’t an obvious gateway to the open web. Now anyone can simply type in ‘xxx website here’ and go straight there.

It’s clear that the developers have put thought into aspects like ad blocking and viewer data , but seemingly without consideration for the broader dangers of unrestricted internet access .

Proposed solution

I propose adding a password/PIN restriction for enabling the Web Browser plugin. This would allow parents or accountability partners to set a control, ensuring that Obsidian remains a focused and safe tool for all users.

Alternatively, more helpful tools could be developed to simply firewall internet connections within Obsidian for concerned users.

Current workaround (optional)

Related feature requests (optional)

Mod edit to remove pornographic link.

Hello everyone,

This is a question about blocking the Obsidian Web Viewer from accessing the internet while still allowing Obsidian Sync.
My under-age son is tech-savvy and uses Obsidian. We have certain rules imposed in the Browser he uses. E.g. certain plug-ins that protect him from adult content, excessive social media use and so on.
Now that Obsidian Web-Viewer exists, it avoids the setups we’ve made in his browser because he can browse with Obsidian Web Viewer.
I want to specifically know how to block Internet Access of the Obsidian Web Viewer while generally allowing Obsidian to access the Internet, e.g. for Sync.
Please don’t refer to other solutions, such as Secure DNS, Parental Controls software or Router settings. What I’m looking for specifically is something like a Firewall Rule that blocks the Web Viewer, or something that can make every Web Viewer request just go to a blank page.
As you can see, this is about a measure not easily avoidable/changeable.

Thank you very much.

Moved from previously independent post (I am not the son… ):

Hi,

Obviously, I’m happy that Obsidian continues to develop, and I was excited to see the new web viewing feature. However, to be honest, I also feel a annoyed. Obsidian has now suddenly become a browser—but one that doesn’t allow for the installation of extensions.

Like many users, I struggle with significant issues related to distraction and therefore keep large parts of the internet blocked most of the time. I currently use an application called Cold Turkey for this, but like most easy to use applications designed for distraction management rely on browser extensions to keep websites blocked. However, if I want to use Obsidian, this option is no longer available to me because Obsidian is now also a browser—one that doesn’t support extensions.

Given the user base of this app, I imagine I’m not the only one facing this issue. I was wondering how other people have solved it.

What I’m trying to do

• Block websites in Obsidian
• Ideally only allow whitelisted websites.

Things I have tried

• Googling around
• AI Advice
• Adding everything I want to block to the adblocker (seems to only accept lists on easylist)
• Adding things to the firewall (has not worked for me so far and would block Sync).

I was surprised to see that Obsidian has introduced a built-in web browser, seemingly with no consideration for the risks of unrestricted internet access. This isn’t about whether a browser should exist, but rather that Obsidian appears to have prioritised features like ad-blocking over basic internet safety.

As a former porn addict and a concerned parent, I rely on Apple’s Screen Time to limit access to adult content across mainstream browsers like Safari, Chrome, and DuckDuckGo. However, since Obsidian’s browser is built into the app itself, it bypasses those restrictions entirely, effectively creating an unfiltered gateway to the internet.

Previously, there were no real safety concerns about a child using Obsidian—it was a secure space for note-taking and organisation. But with the introduction of an unrestricted browser, that has changed. For an app designed around focus and productivity, this feels like a major oversight. The ability to restrict or disable the browser should have been included from the start—especially considering how many users rely on content filtering to protect themselves and their families.

Obsidian is a fantastic tool, but this decision seems short-sighted. At the very least, there should be an option to disable the browser entirely or require a password to enable it. Does anyone else feel this should be addressed?

I don’t think Obsidian’s duty is to offer other settings besides the settings you already have. At this point you are asking too much if you can already disable the web browser in the settings. The idea is already there: you can opt out if you want via settings.

For advanced users Obsidian could provide documentation to configure proper firewall rules to allow sync and block browser access.

Tagging as commercial as this may also have workplace implications.

The issue is that this is a core plugin, which makes it incredibly easy to switch back on once disabled. A child (or anyone looking to bypass restrictions) can simply turn it back in a click. Therefore there no ability for a parent to restrict access. A simple PIN or password lock on enabling the browser would prevent this and offer a basic level of protection.

This is a fundamental change in Obsidian compared to other plugins. Previously, Obsidian was purely a note-taking and organisation tool, but now it functions as an open internet resource. Unlike other core plugins, this one introduces unrestricted web access. That’s a significant shift with real safety implications.

First, This Web Viewer Core plugin should be a download on demand.

Let’s keep Obsidian local first.

A core integration with the www is OK, but requires security standards which require a frequent maintenance. Therefore I am sorry to say that I won’t trust this plugin and wont use it. Let me explain further why.

I bet, everyone knows how frequent modern web browsers launch updates nowadays… those updates aren’t just for fun, eg. To add new features but to guarantee a safe web browsing, foremost. How I see it, the maker of Obsidian don’t have enough manpower to provide a constant maintenance for a browser (plugin). Since information is the new thing nowadays, this Web Viewer adds just an useless vulnerability vector. Obsidian should stay true to their primary vision as a pkm tool and not do something else.

Second, for those who want to install this core plugin, I’d suggest a password to unlock the activation of the Web Viewer Core plugin.

I think 3rd party code cannot easily change Obsidian’s settings. It should have mouse and keyboard access since you cannot change the settings via file access. Gaining mouse and keyboard access without user permission is very unlikely. I think plugins don’t have full access to every settings in Obsidian.

Hello. Just a quick note here. The web viewer plugin is meant to quickly open the links to articles that you have in your notes without leaving obsidian. It is not meant to be (or replace) your main browser. The name “web viewer” is intentional.

The functionality exposed by Web viewer were already present within Obsidian. For example, you were already able to view a web page in canvas and there are a couple of installabile third-party plugins that were covering the same ground.
Therefore, from the POV of parental control, nothing has practically changed.

We of course are sensitive to this subject and, as @Sigrunixia mentioned, restrictions to plugin installation/enablement is also important for corporate users. We may do some work on this area in the future.

We all love Obsidian. Some decisions are worth a discussion however.
My view on this; a plugin is ok, as long as I can uninstall it.
A core plugin can’t be removed, only deactivated. Just my two cents.

Following up what WhiteNoise said, the ability to open websites has been built into Obsidian since long ago. The web viewer plugin is just a nice wrapper around the same method.

Previously, you could open any website by using:

• Inserting <iframe src="https://example.com"> anywhere in a regular markdown note.
• Creating a canvas, right click the background and choose “Add web page”, and type in a URL.
• Install any of the community plugins that allows opening websites, such as Surfing, or Custom Frames.
• Use the developer tools/inspect element to insert an iframe or webview element within the app.

If you need to block out websites for productivity concerns, you should be able to do so at a DNS or OS level. There are many apps that can help manage this.

However as for blocking internet access generally, and/or for parental controls, I find it hard to believe that “blocking” obsidian is actually effective, as it is trivial to circumvent. For a motivated user, browser-level extensions are as easy to bypass as just downloading another browser. Or installing literally any other Electron app that gives you access to the built in developer tools, using which you can use to insert an iframe or webview element. Windows comes built in with Edge which you can’t even uninstall, so even if you have extensions set up in your regular browser (say Chrome) all it takes is to open Edge to get around restrictions.

An effective solution I personally use is a network level Pi Hole. It allows you to monitor, filter, and block any domain on your network, but you have to keep in mind there are potentially (more advanced) ways to bypass DNS blocking such as hardcoding a DNS server (you could block and redirect this at the router level), using DNS over HTTPS, etc.

I’d like to emphasize the importance of including an option to disable the search bar in Obsidian. For neurodivergent individuals, especially those diagnosed with ADHD, impulsive searching can be a major distraction. Many of us have developed a habit of frequently searching for information, which, while sometimes productive, often leads to task-switching and reduced focus.

I have sought professional help for managing ADHD, but since stimulant medications like Adderall are illegal in my country, my therapist has recommended strategies focused on increasing friction. This means creating barriers that make impulsive actions less accessible. This aligns with well-documented behavioral strategies for ADHD, which emphasize modifying the environment to reduce distractions rather than relying solely on willpower, mindfulness, or cognitive-behavioral therapy (CBT).

The solution suggested by the OP, adding a PIN lock for disabling the search function, would be highly effective. I could have a trusted friend set the PIN, preventing me from re-enabling the search bar on impulse. However, as it stands, my only workaround is to downgrade to an older version of Obsidian, which is not a sustainable long-term solution due to compatibility with community plugins.

To manage distractions elsewhere, I have already implemented strict blocking systems on my phone and web browsers using tools like uBlock and other third-party applications, ensuring that I cannot access them during work hours while keeping Obsidian whitelisted. @Sam1996 also seems to suffer from similar problems and has implemented similar systems using Cold Turkey and other apps and I am sure there are many others who are still not aware of the recent update.

The main concern with the web viewer is that it completely removes this friction. While the previous method to bypass distractions, such as using iframe workarounds or third-party plugins, required extra effort, they were at least not immediately accessible to non-technical users. The current implementation makes impulsive web searching instant and effortless, which significantly disrupts focus.

I understand that this is a niche issue, but I hope the developers can empathize with the impact this has on users with ADHD and consider implementing a mechanism such as an optional PIN lock or toggle to prevent misuse and help maintain focus.

I think the key issue here isn’t just blocking access at a technical level but rather the relative ease of accessing distractions and problematic content. While it’s true that motivated users can always find ways around restrictions, the difference in friction matters. Obsidian, by design, is a focused workspace, so when web access is tightly integrated or easy to enable, it lowers the barrier to distraction.

It’s not just about outright blocking but about making certain habits less convenient. A Pi-Hole or DNS filtering can be useful, but the concern is more about how frictionless these distractions become within a productivity tool. The presence of built-in or easily enabled web browsing changes the environment, even if alternatives like Edge or another Electron app always exist.

More broadly, I think there’s a failure to consider just how differently people experience focus and distraction in these discussions. Not everyone’s mind works the same way. For some, simply knowing that a distraction is one click away is enough to derail deep work, even if the same content is technically accessible elsewhere.

In my previous suggestion, I realized that I forgot to address DNS/OS-level website blocking after reading your Discord response to @KungFuSatan, which closely aligns with the one you posted here. The challenge with impulsivity is that any site can become a distraction. There is no finite “X or Y” site that always draws our attention.

For example, if I block YouTube, I might end up replacing it with Wikipedia, where I could spend time reading random topics like Skibidi Toilet without any real purpose. If I block Wikipedia, I may then move on to reading news articles as another source of distraction. Essentially, the source of distraction keeps shifting over time.

To address this for browsers, I use a third-party app to time-block all browsers during work hours. I also came across a suggestion to hide the plugin using CSS, but since that can be easily turned off, a password or PIN lock for the web viewer provides a rigid and stronger system.

The third-party software I use follows a similar approach. It requires a PIN, which my mother set up for me, to block access to browsers. The only other way to bypass it and use browsers would be to delete the app entirely. However, doing so would erase all my carefully configured settings, which creates a strong incentive not to remove it. But I believe some apps like ColdTurkey has even harsher restrictions.

I hope this explanation provides insight into how my thinking process works. And I think this is fairly similar for other impulsive and internet addicted folks out there.

Hello!
Followed the discussion of this topic, I created a little “proof of concept” plugin that enable a password auth when you want to enable the browser view.

You can install it using BRAT with the link : GitHub - Mara-Li/password-web-viewer: Open for a password when enabling the new web-browser plugin in Obsidian.MD.

Yeah I also really struggle with getting distracted. Maybe I could just use willpower but I hate it that I keep getting that feeling/voice to just leave the annoying task I’m doing right now and go on a web content binge. Sometimes the willpower fails and I lose a good chunk of my day. I have relative few willpower problems on other things. Getting rid of something is a lot easier than trying to use willpower. I use Cold Turkey blocker (real war with myself to get rid of all of the little work arounds I’ve found) and was quite disappointed that Obsidian introduced WebView (although it’s of course very helpful for other people).

The solution I’ve come up with is to revert back to an older Obsidian version and disable automatic updates. The new features are not worth my peace of mind at the moment.

I suppose you could just enable automatic updates again but this means I need to go through the hoops again to reinstall an older version. Hopefully that’s enough friction to keep me in line.

Hopefully they introduce a “family safety” feature to lock WebView somewhere in the future. Not only for us “cray people” but also for legitimate parental worries about their children roaming the free web.