开发者

How to prevent the debug toolbar from appearing in a prod environment

I have recently deployed a Symfony 1.3.6 website. I have chosen to keep frontend_dev.php on the server, so I can debug on the local machine when absolutely required.

I modified frontend_dev.php like this:

<?php

require_once(dirname(__FILE__).'/../config/ProjectConfiguration.class.php');

$configuration = ProjectConfiguration::getApplicationConfiguration('frontend', 'dev', true);

// this check prevents access to debug front controllers that are deployed by accident to production servers.
// feel free to remove this, extend it or make something more sophisticated.
if (!in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1')))
{
    //in case something screwy happens ...
    try
    {
       // die('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
       sfContext::createInstance($configuration)->getController()->forward('security', 'error404');
       exit();
    }
    catch(Exception $e)
    {
        //if we got here, all bets are off anyway, just go away ....
        exit();
    }
}

sfContext::createInstance($configuration)->dispatch();

What I was doing was to direct the request to a 404 error page. However, I notice that when I typed in http://www.mywebsite.com/frontend_dev.php/some_valid_url.html

I was directed to the 404 page (as I wanted) - BUT the debug toolbar was shown - ehich is obviously a security risk. What is the best way to disable the toolbar when the dev controller is accessed from a non-local machine?

I thought of putting checking code in the error404 action, and then disabling the debug toolbar as and when needed, but I am not sure if this is the most symfonic way to do it.

Whats the best practice in this insta开发者_JS百科nce?


sfConfig::set('sf_web_debug', false);


Wouldn't you just want to turn it off in the settings.yml file?

dev:
  .settings:
    web_debug: false


You're initializing the configuration in a dev environment with debug turned on. Try something like:

// this check prevents access to debug front controllers that are deployed by accident to production servers.
// feel free to remove this, extend it or make something more sophisticated.
if (!in_array(@$_SERVER['REMOTE_ADDR'], array('127.0.0.1', '::1')))
{
    //in case something screwy happens ...
    try
    {
       // die('You are not allowed to access this file. Check '.basename(__FILE__).' for more information.');
       $configuration = ProjectConfiguration::getApplicationConfiguration('frontend', 'prod', false);

       sfContext::createInstance($configuration)->getController()->forward('security', 'error404');
       exit();
    }
    catch(Exception $e)
    {
        //if we got here, all bets are off anyway, just go away ....
        exit();
    }
}
else
{
  $configuration = ProjectConfiguration::getApplicationConfiguration('frontend', 'dev', true);
  sfContext::createInstance($configuration)->dispatch();
}
0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜