Tags: security, httprequest, blazor, blazor-webassembly, websecurity

Is code within the @code block compiled and visible through browser debugging?


I'm relatively new to Blazor WASM. I've used Blazor Server quite a bit, and have a ton of experience using ASP.NET.

Blazor WASM seems to be divided into two separate projects - OOTB, a fresh project spawns with ProjectName.Client and ProjectName.Server. I would expect everything under the Server project is residing on the server, and thus not visible to the browser.

I'm unsure about the code in the Client project. Specifically, the code within the @code blocks. I would expect that those blocks of code execute on the client browser, but are they visible to the client, or are they encrypted/hidden/etc and thus not visible?

Specifically, I'm looking to create a page with a form that is submitted to an HTTP endpoint for processing. The contents of that form are, of course, plainly visible to the client, as they just filled it in, but specifically, I'd like to hide the outgoing HTTP call.

So, tl;dr:

  1. If I put code within the @code block, can the client somehow decompile and see it?
  2. If I make an outgoing HTTP request within the @code block, can the client see the request using tools like Fiddler or within the browser Network tab?
  3. Just to be sure, if I put the code within the Server project instead, and I have the Client project send the request to the Server project with the form data, will the outgoing HTTP request from the Server project be completely hidden from the client?

Solution

  • In Blazor WASM all the code required by the WASM project is downloaded to the browser, i.e. treat it as public domain code. It needs decompiling, but with the right tools everything in there is visible.

    Any calls from the client code to an API are also viewable.

    Any code within the API controllers is pure ASP.NET Core server-side code and can't be seen unless compromised.

    So

    1. Yes
    2. Yes
    3. Yes
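
The arrangement from point 3, sketched as an added example (not code from the question or the answer): the Client project posts the form to its own Server project, and only the Server holds the upstream address and credential and makes the outgoing call. The route `/api/contact`, the `ContactForm` record, the `Upstream:*` configuration keys and the `X-Api-Key` header are assumptions made for illustration.

```csharp
// Program.cs in ProjectName.Server (ASP.NET Core minimal API), added example.
// Hypothetical names: /api/contact, ContactForm, Upstream:Url, Upstream:ApiKey.
// The Client's @code block would only call Http.PostAsJsonAsync("api/contact", form).
using System.Net.Http.Json;

var builder = WebApplication.CreateBuilder(args);

// Read from server-side configuration (environment, user secrets, a vault).
// These values are never part of the assemblies the browser downloads.
var upstreamUrl = builder.Configuration["Upstream:Url"]
    ?? throw new InvalidOperationException("Upstream:Url is not configured");
var upstreamKey = builder.Configuration["Upstream:ApiKey"]
    ?? throw new InvalidOperationException("Upstream:ApiKey is not configured");

builder.Services.AddHttpClient("upstream", client =>
{
    client.BaseAddress = new Uri(upstreamUrl);   // should end with '/'
    client.DefaultRequestHeaders.Add("X-Api-Key", upstreamKey); // assumed header name
    client.Timeout = TimeSpan.FromSeconds(10);
});

var app = builder.Build();

// The browser's Network tab (or Fiddler) shows this Client -> Server request only.
app.MapPost("/api/contact", async (ContactForm form, IHttpClientFactory factory) =>
{
    // Client-side validation is visible and bypassable, so validate again here.
    if (string.IsNullOrWhiteSpace(form.Email) || form.Email.Length > 254 ||
        string.IsNullOrWhiteSpace(form.Message) || form.Message.Length > 4000)
    {
        return Results.BadRequest("Invalid form data.");
    }

    // Server -> upstream call: happens on the server's network, not the user's.
    var http = factory.CreateClient("upstream");
    using var response = await http.PostAsJsonAsync("submit", form);

    // Return only the outcome; do not echo upstream URLs, headers or bodies.
    return response.IsSuccessStatusCode
        ? Results.Accepted()
        : Results.StatusCode(StatusCodes.Status502BadGateway);
});

app.Run();

record ContactForm(string Email, string Message);
```

The endpoint itself is still public: anyone who can see the Client's request can replay it, so it needs the same authentication, rate limiting and input checks as any other API.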