How to hide .env passwords in Laravel whoops output?

后端未结

关注

 10  1642

攒了一身酷 2020-12-07 10:48

How can I hide my passwords and other sensitive environment variables on-screen in Laravel\'s whoops output?

Sometimes other people are looking at my development wor

10条回答

萌比男神i (楼主)

2020-12-07 10:52

As of Laravel 5.5.13, you can censor variables by listing them under the key debug_blacklist in config/app.php. When an exception is thrown, whoops will mask these values with asterisks * for each character.

For example, given this config/app.php

return [

    // ...

    'debug_blacklist' => [
        '_ENV' => [
            'APP_KEY',
            'DB_PASSWORD',
            'REDIS_PASSWORD',
            'MAIL_PASSWORD',
            'PUSHER_APP_KEY',
            'PUSHER_APP_SECRET',
        ],
        '_SERVER' => [
            'APP_KEY',
            'DB_PASSWORD',
            'REDIS_PASSWORD',
            'MAIL_PASSWORD',
            'PUSHER_APP_KEY',
            'PUSHER_APP_SECRET',
        ],
        '_POST' => [
            'password',
        ],
    ],
];

Results in this output:

0 讨论(0)

查看其它10个回答