如何在Laravel Whoops输出中隐藏.env密码? [英] How to hide .env passwords in Laravel whoops output?

问题描述

如何在Laravel的whoops输出中在屏幕上隐藏我的密码和其他敏感环境变量?

How can I hide my passwords and other sensitive environment variables on-screen in Laravel's whoops output?

有时候其他人正在看我的开发工作.我不希望他们在抛出异常的情况下看到这些秘密，但我也不想非要不停地打开和关闭调试，或者只是为了快速预览而建立一个专用站点.

Sometimes other people are looking at my development work. I don't want them to see these secrets if an exception is thrown, but I also don't want to have to keep toggling debug on and off, or spin up a dedicated site just for a quick preview.

推荐答案

从Laravel 5.5.13开始，有

As of Laravel 5.5.13, there's a new feature that allows you to blacklist certain variables in config/app.php under the key debug_blacklist. When an exception is thrown, whoops will mask these values with asterisks * for each character.

例如，给定此config/app.php

return [

    // ...

    'debug_blacklist' => [
        '_ENV' => [
            'APP_KEY',
            'DB_PASSWORD',
            'REDIS_PASSWORD',
            'MAIL_PASSWORD',
            'PUSHER_APP_KEY',
            'PUSHER_APP_SECRET',
        ],
        '_SERVER' => [
            'APP_KEY',
            'DB_PASSWORD',
            'REDIS_PASSWORD',
            'MAIL_PASSWORD',
            'PUSHER_APP_KEY',
            'PUSHER_APP_SECRET',
        ],
        '_POST' => [
            'password',
        ],
    ],
];

输出结果:

这篇关于如何在Laravel Whoops输出中隐藏.env密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！