Closed wanghanlin closed 4 years ago
Why not? This is set when you use ppm start --debug 1
argument. Why don't you just use that argument?
Hi @marcj here are my personal thoughts on this.
APP_DEBUG
to true, the underlying reason here is when APP_DEBUG
is true, laravel will now by default display all ENV (in old laravel it won't), so all credentials like database password will be exposed, we don't have documentation in php-pm that explain this behaviour and highlight to users, so it also bring a potential security reason that developer may not aware of.Good arguments, then let's change that accordingly. Maybe it's best to remove the debug option, and trigger the hot-reload functionality behind a new option.
do you need prevent breaking change? if so maybe we can add a new option --disable-env-override
or something and default to false. but it's hard to do non-breaking change in PHPPM\Bootstraps\Laravel so i'm not sure what's best here
Hi @wanghanlin how can we move forward with this? Is it still relevant?
Hi @acasademont, I haven't been using this for a while, but I just checked the latest code seems don't have same issue, let's just close this for now and if someone else face this issue, we can open again. Thanks!
https://github.com/php-pm/php-pm-httpkernel/blob/master/Bootstraps/Laravel.php#L38
this line will modify the behaviour of a .env file developer set, I think phppm especially a httpkernel bridge shouldn't modify the default behaviour of laravel.
ref: php-pm/php-pm#363