Closed Rubioli closed 4 years ago
To everyone who might come across this: Please don't use Better Errors in production. Beyond being insecure (meaning we haven't done any testing to see what information it might leak or how easily the IP address filtering is spoofed) it also requires a load of debugging tools to be in Ruby at all times, and these alone can cause security and performance problems.
To troubleshoot an issue you're seeing in production, I recommend a tool like Sentry. You can add contextual data to the Sentry client so that if an exception occurs, you have more information to reproduce with. Getting good at using user context, tags, and extra context is a skill that will save you a lot of time when tracking down errors in production.
But if you're trying to run your Rails app on a development machine with "production" environment specified, note that by default, Better Errors is only included in the development
group of the Gemfile. This will keep it from being included in the middleware stack at all when running outside Rails "development" environment. Have you moved it outside of this group?
@RobinDaugherty Thanks a lot for your detailed answer and I appreciate you taking your time to answer 💯.
No, I haven't added better_errors
inside a group :development do
and that's why I assumed if its not inside a group, it would be accessible cross all envs
First of all, thanks for this great gem 🥇
I'm running my rails app in a closed/private server (not accessible by anyone) and that's why there is no security issues at this point.
I'm struggling with a bug that only appears in
Production
env and I was wondering how can I set upbetter_errors
in production as well.I tried not to group
better_errors
indevelopment
, added this in myconfig/application.rb
and
BetterErrors::Middleware.allow_ip! '11.11.11.11'
ininitialers/better_errors.rb
& inenvironments/production.rb
I did:Elso tested with:
But I still see rails error page. I would appreciate any help and thanks in advance!