I'm noticing when I dd($request) from the Illuminate\Http\Request, I see all of my .env variables and values. This is a security risk that I'm not aware how to hide. How would I store these values in .env but not make them publicly assessable like this?
Asked
Active
Viewed 465 times
0
Zach Smith
- 5,490
- 26
- 84
- 139
-
4`dump()` and `dd()` should be only used for development purposes. – halloei Aug 11 '20 at 12:35
-
Define production environment APP_ENV in .env. – Jenish Aug 11 '20 at 13:08
1 Answers
0
As mentioned in comment, you should not use dd() nor dump() in production.
If you are concerned about seeing env variables being displayed in your application, you can either
set
APP_DEBUG=falsein your.envfileset the
'debug_blacklist'key in yourapp\configfile to hide some specific keys from theWhoopspage (As seen on https://stackoverflow.com/a/46407010/4258328 )
Christophe Hubert
- 2,833
- 1
- 12
- 25