如何在 Laravel whoops 输出中隐藏 .env 密码?
如何在 Laravel 的 whoops 输出中隐藏我的密码和其他敏感环境变量?
有时其他人正在查看我的开发工作.如果抛出异常,我不希望他们看到这些秘密,但我也不希望不得不不断地打开和关闭调试,或者为了快速预览而启动一个专用站点.
解决方案截至
How can I hide my passwords and other sensitive environment variables on-screen in Laravel's whoops output?
Sometimes other people are looking at my development work. I don't want them to see these secrets if an exception is thrown, but I also don't want to have to keep toggling debug on and off, or spin up a dedicated site just for a quick preview.
解决方案As of Laravel 5.5.13, you can censor variables by listing them under the key debug_blacklist
in config/app.php
. When an exception is thrown, whoops will mask these values with asterisks *
for each character.
For example, given this config/app.php
return [
// ...
'debug_blacklist' => [
'_ENV' => [
'APP_KEY',
'DB_PASSWORD',
'REDIS_PASSWORD',
'MAIL_PASSWORD',
'PUSHER_APP_KEY',
'PUSHER_APP_SECRET',
],
'_SERVER' => [
'APP_KEY',
'DB_PASSWORD',
'REDIS_PASSWORD',
'MAIL_PASSWORD',
'PUSHER_APP_KEY',
'PUSHER_APP_SECRET',
],
'_POST' => [
'password',
],
],
];
Results in this output:
相关文章