如何在Laravel Whoops输出中隐藏.env密码?
如何在Laravel的whoops输出中在屏幕上隐藏我的密码和其他敏感环境变量?
How can I hide my passwords and other sensitive environment variables on-screen in Laravel's whoops output?
有时候其他人正在看我的开发工作.我不希望他们在抛出异常的情况下看到这些秘密,但我也不想非要不停地打开和关闭调试,或者只是为了快速预览而建立一个专用站点.
Sometimes other people are looking at my development work. I don't want them to see these secrets if an exception is thrown, but I also don't want to have to keep toggling debug on and off, or spin up a dedicated site just for a quick preview.
As of Laravel 5.5.13, there's a new feature that allows you to blacklist certain variables in config/app.php under the key debug_blacklist. When an exception is thrown, whoops will mask these values with asterisks * for each character.
例如,给定此config/app.php
return [
// ...
'debug_blacklist' => [
'_ENV' => [
'APP_KEY',
'DB_PASSWORD',
'REDIS_PASSWORD',
'MAIL_PASSWORD',
'PUSHER_APP_KEY',
'PUSHER_APP_SECRET',
],
'_SERVER' => [
'APP_KEY',
'DB_PASSWORD',
'REDIS_PASSWORD',
'MAIL_PASSWORD',
'PUSHER_APP_KEY',
'PUSHER_APP_SECRET',
],
'_POST' => [
'password',
],
],
];
输出结果: