New to using Laravel and PHP. I’m working on a project, and there’s a debug bar on the bottom of a published web app.
Is this standard? Or should I tell my manager to remove it? Are there any security issues?
.env is currently:
APP_DEBUG=true
Answer
Yes, it is a security concern.
The debug bar should only be available to the developer(s) during development and never exposed to users on the Internet.
In a production environment, the APP_DEBUG property should be set to false.
Per Laravel documentation: https://laravel.com/docs/8.x/configuration#debug-mode
For local development, you should set the APP_DEBUG environment variable to true. In your production environment, this value should always be false. If the variable is set to true in production, you risk exposing sensitive configuration values to your application’s end users.
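
A deploy-time check for the setting discussed in the answer above, added here as an example; it is not part of the original question or answer and is not Laravel's own code. The function names are hypothetical, and the list of values treated as "off" is an assumption about how Laravel reads the variable; anything outside that list is conservatively treated as enabled.

```sh
#!/bin/sh
# Added example: block a deploy when the .env being published enables debug mode.

# Print the last value assigned to KEY in FILE with CR, trailing comment,
# trailing whitespace and surrounding quotes removed (empty if KEY is absent).
env_value() {
    key=$1 file=$2
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$file" \
        | tail -n 1 | tr -d '\r' \
        | sed -e 's/[[:space:]][[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
              -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Succeeds when APP_DEBUG is on. Assumption: only the values listed below
# (or a missing key) count as off; anything else is treated as enabled.
debug_enabled() {
    v=$(env_value APP_DEBUG "$1" | tr '[:upper:]' '[:lower:]')
    case "$v" in
        ''|false|'(false)'|0|null|'(null)'|empty|'(empty)') return 1 ;;
        *) return 0 ;;
    esac
}

# check_env FILE -> 0: safe to publish, 1: debug enabled, 2: file unreadable
check_env() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if debug_enabled "$1"; then
        echo "FAIL: APP_DEBUG is enabled in $1" >&2
        return 1
    fi
    echo "OK: APP_DEBUG is off in $1"
}

# Constructed sample reproducing the setting from the question.
sample=$(mktemp)
printf 'APP_ENV=production\nAPP_DEBUG=true\n' > "$sample"
check_env "$sample" || echo "deploy blocked"
rm -f "$sample"
```

Run `check_env` against the `.env` that will actually ship and use its exit status to stop the release step.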