Closed Messhias closed 2 years ago
Hi @Messhias, please make sure that debug mode is turned off (APP_DEBUG=false
) in your production environment. Additionally, please also make sure that the IGNITION_ENABLE_RUNNABLE_SOLUTIONS
environment variable is either not set or set to false
!
If debug mode is turned off and IGNITION_ENABLE_RUNNABLE_SOLUTIONS
is not set, please make sure that config('ignition.enable_runnable_solutions')
is not enabled. You can test this in Laravel Tinker on your production server.
Hi @Messhias, please make sure that debug mode is turned off (
APP_DEBUG=false
) in your production environment. Additionally, please also make sure that theIGNITION_ENABLE_RUNNABLE_SOLUTIONS
environment variable is either not set or set tofalse
!If debug mode is turned off and
IGNITION_ENABLE_RUNNABLE_SOLUTIONS
is not set, please make sure thatconfig('ignition.enable_runnable_solutions')
is not enabled. You can test this in Laravel Tinker on your production server.
I am facing the same issue, sometimes on my dev environment [APP_ENV=development]
I receive this error.
The APP_DEBUG=true
and the IGNITION_ENABLE_RUNNABLE_SOLUTIONS
is not set in the .env.
I see in the code that the ExecuteSolutionController checks if the environment is a local environment
if (! app()->environment('local')) {
throw CannotExecuteSolutionForNonLocalEnvironment::make();
}
Can we change this from if not local to if production? Because that is the place where we should not show the error page.
Hi @Messhias, please make sure that debug mode is turned off (
APP_DEBUG=false
) in your production environment. Additionally, please also make sure that theIGNITION_ENABLE_RUNNABLE_SOLUTIONS
environment variable is either not set or set tofalse
!If debug mode is turned off and
IGNITION_ENABLE_RUNNABLE_SOLUTIONS
is not set, please make sure thatconfig('ignition.enable_runnable_solutions')
is not enabled. You can test this in Laravel Tinker on your production server.
This doesn't make sense, why I should turn off the ignition in any environment?
I have same errors in buglog, here is my config
APP_ENV=development
APP_DEBUG=true
so, there is not production
Got same issue. I don't want to turn off debug in production. I want to know what's wrong so I can fix.
So, looking at the code, the only way to get rid of this, is to set the environment to "local".
My opinion is that this should be toggled not by the environment, but by an enable/disable config.
So, looking at the code, the only way to avoid this is to set the environment to "local".
My opinion is that this should be toggled not by the environment, but by an enable/disable config.
Yes, there's a PR to fix that?
@AlexVanderbist I created a PR to fix the issue.
So, looking at the code, the only way to get rid of this is to set the environment to "local".
My opinion is that this should be toggled not by the environment, but by an enable/disable config.
I created a PR to fix that.
@AlexVanderbist I created a PR to fix the issue.
There's someone else in this repository who's a maintainer too?
Thanks for the PR. Please have some patience, we'll get to this PR when we have some time.
Hi there! Thanks for your patience and for the PR.
Running solutions is disabled on non-local environments (regardless of APP_DEBUG
) because a lot of people new to the framework tend to deploy their applications with APP_DEBUG
turned on. This would then possibly expose them to remote code execution through the execute solutions endpoint (or other debug features).
I agree that there should be a way to override this behaviour. #98 adds an additional environment variable to bypass the local environment check. However, I think that will be confusing as there's already a IGNITION_ENABLE_RUNNABLE_SOLUTIONS
environment variable. I'll try to open a PR in a minute that allows IGNITION_ENABLE_RUNNABLE_SOLUTIONS=true
to bypass the local environment check regardless of APP_DEBUG
.
Finally, sort of offtopic:
@kwarnkham:
Got same issue. I don't want to turn off debug in production. I want to know what's wrong so I can fix.
I would really advice against this. Running any Laravel app publicly in debug mode will get you in trouble. There are malicious scrapers constantly looking for exposed applications to abuse debug features in this package and others.
Hi again, when #111 is merged and tagged, you should be able to set IGNITION_ENABLE_RUNNABLE_SOLUTIONS=true
to allow runnable solutions everywhere, regardless of environment.
I'm just coming here to say thank you guys for disabling command executing on production env by default.
I forgot to turn off debugging on production and seems like somebody tried to do some bad stuff on my website, but execution was blocked on production.
THANK YOU!
This is just happening after the last update:
note: this is in the production environment.
composer.json: