Hide passwords in Laravel’s whoops output
By default, Laravel’s whoops output displays passwords and other sensitive variables in your env file on-screen. How to keep it hidden from the screen? In Laravel there is a new feature for this. It allows you to blacklist the variables on config/app.php under debug_blacklist. If an exception is thrown you can mask these values with asterisks instead of each character.
return [
// ...
'debug_blacklist' => [
'_ENV' =>[
'APP_KEY',
'DB_PASSWORD',
'REDIS_PASSWORD',
'MAIL_PASSWORD',
'PUSHER_APP_KEY',
'PUSHER_APP_SECRET',
],
'_SERVER' =>[
'APP_KEY',
'DB_PASSWORD',
'REDIS_PASSWORD',
'MAIL_PASSWORD',
'PUSHER_APP_KEY',
'PUSHER_APP_SECRET',
],
'_POST' =>[
'password',
],
],
];
To keep every variables of env file hidden use the following code.
'debug_blacklist' =>[
'_COOKIE' =>array_keys($_COOKIE),
'_SERVER' =>array_keys($_SERVER),
'_ENV' =>array_keys($_ENV),
],
Comments
0 comments
Please Sign in or Create an account to Post Comments