How to hide .env passwords in Laravel whoops output?

后端未结

关注

 10  1663

攒了一身酷 2020-12-07 10:48

How can I hide my passwords and other sensitive environment variables on-screen in Laravel\'s whoops output?

Sometimes other people are looking at my development wor

10条回答

青春惊慌失措 (楼主)

2020-12-07 10:58

The solution by @jeff + @raheel is great!!! On a project recently we found we sometimes wanted to whitelist a property or two, so building on the above, you can whitelist specific properties you want to debug with something like:

'debug_blacklist' => [
    '_COOKIE' => array_diff(array_keys($_COOKIE), array()),
    '_SERVER' => array_diff(array_keys($_SERVER), array('APP_URL', 'QUERY_STRING')),
    '_ENV' => array_diff(array_keys($_ENV), array()),
],

If you want to allow that list to be configured via .env, you can do something like:

'debug_blacklist' => [
    '_COOKIE' => array_diff(
        array_keys($_COOKIE),
        explode(",", env('DEBUG_COOKIE_WHITELIST', ""))
    ),
    '_SERVER' => array_diff(
        array_keys($_SERVER),
        explode(",", env('DEBUG_SERVER_WHITELIST', ""))
    ),
    '_ENV' => array_diff(
        array_keys($_ENV),
        explode(",", env('DEBUG_ENV_WHITELIST', ""))
    ),
],

Then in your .env, do something like:

DEBUG_SERVER_WHITELIST="APP_URL,QUERY_STRING"

Cheers!

0 讨论(0)

查看其它10个回答