If your app has no need for navigation, you can call event.preventDefault() in a will-navigate handler. If you know which pages your app might navigate to, check the URL in the event handler and only let navigation occur if it matches the URLs you’re expecting.
Implementing a PIN-protected general blocker or even a regular block/allow list that way looks viable to me (Caveat: my knowledge of Electron is limited). Assuming that community plug-ins are sandboxed it would have to be a feature of the Obsidian core, though – correct?
Sir, have you found any way to block the Obsidian web viewer? I relied on Cold Turkey Blocker to restrict access to some distracting websites, and it worked very well. However, I recently discovered that the built-in browser in Obsidian can bypass these restrictions.
I’m facing the same issue. I use cold turkey blocker but unfortunately Obsidian web viewer can bypass it. I noticed that cold turkey blocker can block based on the title of the window (click Win + Tab and you can see the title of the window). I would block based on the title twitch.obsidian*. Unfortunately, when you click on a link that directs you to a non-blocked site like Google and then search for something like twitch the window title doesn’t update unless you go to a different obsidian file and come back to the web viewer.
I think a useful solution would be to update the title of the window as soon as the link in the address bar changes instead of having to switch notes for the address bar to change cause that can be exploited. Additionally, adding Canvas to the windows title for canvas notes, markdown to the window title for markdown notes, and Web Viewer to the window title for Obsidian’s web viewer would also really help with blocking distractions while still using Obsidian.
I think a solution that might work is using a firewall or customizable DNS to block unwanted sites or outgoing internet traffic in general. I found this tool called Portmaster which is a customizable DNS that’s free and open-source and is not hard to use. I didn’t want to block all internet traffic from Obsidian because I use Obsidian Sync, and would like to access my notes from multiple devices.
In portmaster, if you go to apps and profiles on the left sidebar > click obsidian > click settings > under rules you can specify domains that you want to either allow or block like YouTube and Twitch. Or alternatively you can just block internet traffic in obsidian altogether.
I haven’t been following the whole discussion here, I just wanted to add that the webview plugin can be blocked using the program Plucky manual | Plucky manual.
In this program you set up a delay (e.g. 2 hours or 4 days) and can’t change the settings until that much time has passed.
I haven’t found any way to get around this app so far, it can’t easily be uninstalled or anything like that.
I’m trying to figure out how to do this using plucky. I downloaded it on my mac and have the edge browser extension, but I don’t know what to do from there. Any chance you could share a bit more about how you get this to work for blocking the webview plugin?
Obsidian. As long as there’s no solid/customizable friction points like Cold Turkey in place (for reasons presented by OP and others), this is a massive dealbreaker. For something meant to be a focused note-taking app, this is a recipe for distraction. Even if that wasn’t the intention going into it, it functionally serves the purpose of a web browser that impulsive minds like me use for distractive binges. Not having the option or at least having tools to add friction are incredibly useful for me. Love it otherwise but this simply is a no-go. For those looking for alternatives, Zettlr has been working pretty well so far. There is an ability to render iframes, though the functionality is far more limited compared to Obsidian, though it is more minimalistic.
I want to +1 that internet access restriction settings are very important to me as a user. I agree that there should be an option to disable internet access completely in any part of the app. So far it seems that people have given their reasons and other people have responded with why they thing that reason is a valid or invalid reason for this restriction. Because of that, I’m just going to leave my reasoning out and say that the reason doesn’t matter because it’s important to a lot of users for a lot of different reasons.
Would like to +1 this issue. Like others in this thread I am a heavy user of both Cold Turkey and Obsidian as tools to help keep me productive and focused on my computer, but the web viewer has driven a big hole through my setup. Looks like I will have to either downgrade or uninstall Obsidian until there is a pin restriction or some other non-trivial way to disable the web viewer permanently.
The solution i use is Firewall. With Firewall you can cut the internet access of obsidian, its a problem if you use obsidian sync but i use google drive so i dont have problems.
Would like to echo the necessity of solving this issue. Many of us use Obsidian daily as a focused writing app. It’s important that Obsidian remains a trusted tool for this purpose, and that its mission isn’t undercut by having unfettered access to the web. I personally often “whitelist” Obsidian on my computer, so that it’s one of a few apps my computer can use during work hours. This means I can’t whitelist Obsidian without having a browser (and an unrestricted one at that) come along for the ride.
Many of us are writers who have created hardened blocking methods to prevent wholesale internet usage while working on a project, to stay focused on the writing we need to do. This embedded browser isn’t a small deal— it effectively skirts around popular methods to block the web using browser extensions.
Putting an embedded browser inside Obsidian effectively disables its primary service for us: being a focused, offline place to organize thought.
Reading through all of the responses above, I think that this issue is so serious that the only way to truly address it is by providing two builds on the Obsidian site— one with compatibility for iFrames/web access, and one with no inline access to the web. If Obsidian could come bundled without web tools, that would allow it to be a “safe” environment where we aren’t able to abuse this feature and have access to the open web.
While prioritizing the local-first approach of our application, Obsidian does make network calls based on the services and features you use. These network connections can be disabled via a domain firewall or application lockdown.
Obsidian makes these network connections on HTTPS port 443.
The following is a list of network connections Obsidian makes.
Obsidian-sourced connections
Early access updates: Uses releases.obsidian.md.
Account and license management: When accessing your Obsidian account in Settings and applying a Commercial License, we call api.obsidian.md.
Obsidian Sync: Used for syncing your notes across devices.
sync-xx.obsidian.md, where xx is a number between 01-100.
Obsidian Publish:
Backend: publish-main.obsidian.md and publish-xx.obsidian.md, where xx is a number.
Frontend: publish.obsidian.md.
GitHub-sourced connections
Obsidian makes network requests to both github.com and raw.githubusercontent.com.
Public releases: If automatic updates are enabled, Obsidian checks GitHub for public releases.
Third-party themes and plugins:
A check is performed once every 12 hours from the app’s startup time to fetch a file hosted on GitHub used for “plugin deprecations.” This file helps remotely disable specific versions of plugins known to malfunction, cause data loss, or potentially be vulnerable or malicious.
Enabled plugins may generate network traffic outside Obsidian and GitHub’s control.
Other connections
Embedded online content: When opening notes that embed online content, such as an image ().
DNS requests: If a hostname needs to be resolved before establishing a connection, including DNS over HTTPS. Refer to Chromium’s documentation for more information.
Using that information one could set up domain specific firewall rules for Obsidian that will allow basic network access like checking updates while blocking other non essential trafic. Eventually you should view firewall as a powerful tool also useful in productivity.
Obsidian. As long as there’s no solid/customizable friction points like Cold Turkey in place (for reasons presented by OP and others), this is a massive dealbreaker. For something meant to be a focused note-taking app, this is a recipe for distraction. Even if that wasn’t the intention going into it, it functionally serves the purpose of a web browser that impulsive minds like me use for distractive binges. Not having the option or at least having tools to add friction are incredibly useful for me. Love it otherwise but this simply is a no-go. For those looking for alternatives,