nette / bootstrap

🅱 The simple way to configure and bootstrap your Nette application.
https://doc.nette.org/bootstrap

cookie 'tracy-debug' #69

Closed mestrode closed 2 years ago

mestrode commented 2 years ago

Version: 2.9.0

Bug Description

I tried to enable Tracy debug mode by use of permission via IP (v6) AND cookie secret. I was not able to use the cookie as an additional security feature, but only IP authentication worked flawlessly.

Steps To Reproduce

start new nette app-project

        composer create-project nette/web-project path/to/install
        cd path/to/install

in bootstrap.php

ensure you have set a sufficient cookie

        $addr = 'insert ipv6 address here';
        $cookie_secret = 'secret';

        $cookie_name = 'tracy-debug';
        $arr_cookie_options = array (
            'expires' => strtotime( '+2 days' ),
            'path' => '/',
            'domain' => '',
            'secure' => true,
            'httponly' => true,
            'samesite' => 'Lax'
            );
        setcookie($cookie_name, $cookie_secret, $arr_cookie_options);

uncomment setDebugMode and fill in your credentials

        $configurator->setDebugMode($cookie_secret.'@'.$addr);

Expected Behavior

setDebugMode is enabled, when cookie is available

Possible Solution

Don't know, but I was able to verify the cookie within bootstrap.php by using

        if (!empty($_COOKIE[$cookie_name]))
        {
            if (0 == strcmp($_COOKIE[$cookie_name], $cookie_secret))
            {
                //$configurator->setDebugMode('secret@23.75.345.200'); // enable for your remote IP
                $configurator->setDebugMode($addr); // enable for your remote IP
            }
        }

dg commented 2 years ago

I think cookie name is nette-debug

mestrode commented 2 years ago

I was looking in vendor/tracy/src/Tracy/Debugger/Debugger.php, line 28. But you're right: in vendor/nette/bootstrap/src/Bootstrap/Configurator.php, line 26, I've found the affirmation of your hint, which I obviously overlooked before.

Thank you very much!
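
The resolution of this thread, as an added example that is not part of the original issue and not Nette's own code: a sketch of the `secret@IP` rule showing why a cookie named `tracy-debug` never enables debug mode while `nette-debug` does. The helper `debugAllowed()`, the use of `hash_equals()` and the sample addresses are assumptions made for illustration; only the `secret@IP` entry form from the issue is covered.

```php
<?php
declare(strict_types=1);

// Cookie name per dg's comment above; the issue set 'tracy-debug' instead.
const DEBUG_COOKIE = 'nette-debug';

/**
 * Hypothetical helper (not Nette's implementation): debug mode is allowed
 * only when the cookie value and the client address together equal one
 * "secret@IP" entry of the allow list.
 *
 * @param array<string, mixed> $cookies   request cookies, e.g. $_COOKIE
 * @param string[]             $allowList entries of the form "secret@IP"
 */
function debugAllowed(array $cookies, string $remoteAddr, array $allowList): bool
{
    $secret = $cookies[DEBUG_COOKIE] ?? null;
    if (!is_string($secret) || $secret === '') {
        // Missing, empty or array-valued cookie (?nette-debug[]=x) never matches.
        return false;
    }
    $candidate = $secret . '@' . $remoteAddr;
    foreach ($allowList as $entry) {
        // Constant-time comparison so the secret is not leaked through timing.
        if (hash_equals($entry, $candidate)) {
            return true;
        }
    }
    return false;
}

// Constructed sample values (IPv6 documentation range, not taken from the issue).
$addr = '2001:db8::10';
$allow = ['secret@' . $addr];

$cases = [
    'cookie named tracy-debug (as in the issue)' => [['tracy-debug' => 'secret'], $addr],
    'cookie named nette-debug'                   => [['nette-debug' => 'secret'], $addr],
    'right cookie, different client address'     => [['nette-debug' => 'secret'], '2001:db8::99'],
    'right cookie name, wrong secret'            => [['nette-debug' => 'guess'], $addr],
    'array-valued cookie'                        => [['nette-debug' => ['secret']], $addr],
];

foreach ($cases as $label => [$cookies, $clientAddr]) {
    printf("%-45s %s\n", $label, debugAllowed($cookies, $clientAddr, $allow) ? 'debug ON' : 'debug off');
}
```

In the reporter's bootstrap.php the corresponding change is `$cookie_name = 'nette-debug';`, leaving `setDebugMode($cookie_secret.'@'.$addr)` as it was.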