1

When considering which information to display on error pages from Rails, it is often suggested to use consider_all_requests_local=true.

  • Why not to use Rails.env.development?
  • In which situations should a production system expose internal stack traces, etc.?
Community
  • 1
  • 1
Christopher Oezbek
  • 23,994
  • 6
  • 61
  • 85

1 Answers1

0

One should never expose stacktrace on production server as it might result in leaking of the confidential information, making it vulnerable. One can always log it in the log files for convenience.

nbirla
  • 600
  • 3
  • 14
  • Exactely, so why would consider_all_requests_local be considered acceptable? More precisely, why would Rails allow local calls in production to receive more detailed info? – Christopher Oezbek Sep 16 '14 at 19:21
  • You might have a production environment - that is, a staging environment. Having errors exposed, as long as the application isn't publicly exposed, is very handy. BTW - you "should never" trust people who advise you "should never" do something... ;-) – Nowaker Aug 19 '16 at 01:22