'Symfony 4: hide debug stacktrace in non prod environment
I have 2 production environments which are prod1 and prod2 they differ in configuration like database and business logic. It is basicallya master-slave relationship.
I want to hide the debug stacktrace from the user like in normal production environments. This should be possible by setting APP_DEBUG=0 in .env file.
APP_DEBUG=0
But I get the debug screen:
But strangely this does not work, only if I set APP_ENV to prod, no debug stacktraces are shown.
My .env file looks like this:
APP_ENV=prod1
APP_DEBUG=0
APP_SECRET=xxxxxxxaxaxaxa
I checked the parameters in public/index.php and there are correct transported:
$env = 'prod1';
$debug = false;
$kernel = new Kernel($env, $debug);
Im am using Symfony 4.2.2 with symfony/env.
Can anybody reproduce this behaviour? Might this be a Symfony or symfony/env Bug?
Solution 1:[1]
The problem was, that I missconfigured ExceptionController in my project:
- the FOSRestBundle has its own ExceptionController for displaying json/xml Exceptions
You configure it in your config/fos_rest.yaml:
fos_rest
exception:
enabled: true
exception_controller: 'App\Controller\ExceptionController::handleExceptionAction'
- Twig is the default ExceptionController for symfony
You configure it in your config/twig.yaml:
twig:
debug: '%kernel.debug%'
exception_controller: App\Controller\ExceptionController::showException
The Exception Handler, that was used was the fos_rest one which I missconfigured in my services.yaml:
App\Controller\ExceptionController:
- '@fos_rest.view_handler.default'
- '@fos_rest.exception.messages_map'
- true <------ this should be '%kernel.debug%'
- '@templating.engine.twig'
- '@logger'
The problem was, that the third parameter should be %kernel.debug% here.
In the end, I ended up to have 2 ExceptionControllers, one for the API with json format Response and for the Sonata Backend, the standard Twig Exception Controller. The only solution was, to forward the request from one Controller to the other:
<?php
namespace App\Controller;
use Psr\Log\LoggerInterface;
use Symfony\Component\Debug\Exception\FlattenException;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
use Symfony\Bundle\TwigBundle\Controller\ExceptionController as TwigExceptionController;
class ExceptionController
{
protected $debug;
/**
* @var TwigExceptionController
*/
protected $twigExceptionController;
/**
* @param bool $debug
* @param TwigExceptionController $twigExceptionController
*/
public function __construct(
bool $debug,
TwigExceptionController $twigExceptionController
)
{
$this->debug = $debug;
$this->twigExceptionController = $twigExceptionController;
}
/**
* Converts an Exception to a Response.
*
* @param Request $request
* @param FlattenException $exception
* @param LoggerInterface $logger
*
* @return Response
*/
public function handleExceptionAction(Request $request, FlattenException $exception, LoggerInterface $logger): Response
{
if (!stristr( strtolower($request->getUri()), '/api/')) {
return $this->twigExceptionController->showAction($request, $exception, $logger);
}
$currentContent = $this->getAndCleanOutputBuffering($request->headers->get('X-Php-Ob-Level', -1));
if ($currentContent) {
$logger->error('current content: '.$currentContent);
}
$code = $this->getStatusCode($exception);
$response = new JsonResponse();
$response->setStatusCode($code);
$response->setData([
'message' => $exception->getMessage(),
'code' => $code
]);
return $response;
}
/**
* Determines the status code to use for the response.
*
* @param \Exception $exception
*
* @return int
*/
protected function getStatusCode($exception): int
{
if (method_exists($exception, 'getCode') && $exception->getCode() > 0) {
return $exception->getCode();
}
if (method_exists($exception, 'getStatusCode') && $exception->getStatusCode() > 0) {
return $exception->getStatusCode();
}
return 500;
}
/**
* Gets and cleans any content that was already outputted.
*
* This code comes from Symfony and should be synchronized on a regular basis
* see src/Symfony/Bundle/TwigBundle/Controller/ExceptionController.php
*
* @return string
*/
private function getAndCleanOutputBuffering($startObLevel)
{
if (ob_get_level() <= $startObLevel) {
return '';
}
Response::closeOutputBuffers($startObLevel + 1, true);
return ob_get_clean();
}
}
Solution 2:[2]
I have several projects written in Symfony 4. To reproduce your error I updated one of my projects to Symfony 4.2.2. All Symfony dependencies:
symfony/browser-kit v4.2.2 Symfony BrowserKit Component
symfony/cache v4.2.2 Symfony Cache component with PSR-6, PSR-16, and tags
symfony/class-loader v3.4.21 Symfony ClassLoader Component
symfony/config v4.2.2 Symfony Config Component
symfony/console v4.2.2 Symfony Console Component
symfony/contracts v1.0.2 A set of abstractions extracted out of the Symfony components
symfony/css-selector v4.2.2 Symfony CssSelector Component
symfony/debug v4.2.2 Symfony Debug Component
symfony/dependency-injection v4.2.2 Symfony DependencyInjection Component
symfony/doctrine-bridge v4.2.2 Symfony Doctrine Bridge
symfony/dom-crawler v4.2.2 Symfony DomCrawler Component
symfony/dotenv v4.2.2 Registers environment variables from a .env file
symfony/event-dispatcher v4.2.2 Symfony EventDispatcher Component
symfony/filesystem v4.2.2 Symfony Filesystem Component
symfony/finder v4.2.2 Symfony Finder Component
symfony/flex v1.1.8 Composer plugin for Symfony
symfony/form v4.2.2 Symfony Form Component
symfony/framework-bundle v4.2.2 Symfony FrameworkBundle
symfony/http-foundation v4.2.2 Symfony HttpFoundation Component
symfony/http-kernel v4.2.2 Symfony HttpKernel Component
symfony/inflector v4.2.2 Symfony Inflector Component
symfony/intl v4.2.2 A PHP replacement layer for the C intl extension that includes additional data from the ICU library.
symfony/maker-bundle v1.11.3 Symfony Maker helps you create empty commands, controllers, form classes, tests and more so you can forget about writing boilerplate code.
symfony/monolog-bridge v4.2.2 Symfony Monolog Bridge
symfony/monolog-bundle v3.3.1 Symfony MonologBundle
symfony/options-resolver v4.2.2 Symfony OptionsResolver Component
symfony/orm-pack v1.0.6 A pack for the Doctrine ORM
symfony/polyfill-intl-icu v1.10.0 Symfony polyfill for intl's ICU-related data and classes
symfony/polyfill-mbstring v1.10.0 Symfony polyfill for the Mbstring extension
symfony/polyfill-php72 v1.10.0 Symfony polyfill backporting some PHP 7.2+ features to lower PHP versions
symfony/process v4.2.2 Symfony Process Component
symfony/profiler-pack v1.0.4 A pack for the Symfony web profiler
symfony/property-access v4.2.2 Symfony PropertyAccess Component
symfony/routing v4.2.2 Symfony Routing Component
symfony/security-bundle v4.2.2 Symfony SecurityBundle
symfony/security-core v4.2.2 Symfony Security Component - Core Library
symfony/security-csrf v4.2.2 Symfony Security Component - CSRF Library
symfony/security-guard v4.2.2 Symfony Security Component - Guard
symfony/security-http v4.2.2 Symfony Security Component - HTTP Integration
symfony/stopwatch v4.2.2 Symfony Stopwatch Component
symfony/swiftmailer-bundle v3.2.5 Symfony SwiftmailerBundle
symfony/templating v4.2.2 Symfony Templating Component
symfony/translation v4.2.2 Symfony Translation Component
symfony/twig-bridge v4.2.2 Symfony Twig Bridge
symfony/twig-bundle v4.2.2 Symfony TwigBundle
symfony/validator v4.2.2 Symfony Validator Component
symfony/var-dumper v4.2.2 Symfony mechanism for exploring and dumping PHP variables
symfony/var-exporter v4.2.2 A blend of var_export() + serialize() to turn any serializable data structure to plain PHP code
symfony/web-profiler-bundle v4.2.2 Symfony WebProfilerBundle
symfony/web-server-bundle v4.2.2 Symfony WebServerBundle
symfony/yaml v4.2.2 Symfony Yaml Component
For clarity - I'm running this project in production environment and I use Apache2 for this job.
In my project I have only one .env file without any *.local files with environment variables. The file looks like this:
APP_ENV=prod
APP_SECRET=928374923784mysecretkey92837498273
With these settings I don't see debug pages - CORRECT BEHAVIOR
APP_ENV=prod
APP_DEBUG=1
APP_SECRET=928374923784mysecretkey92837498273
If I add variable APP_DEBUG with value 1 - debug page is displayed - CORRECT BEHAVIOR
I added a custom environment with name prod1:
APP_ENV=prod1
APP_SECRET=928374923784mysecretkey92837498273
Now debug pages are visible by default - CORRECT BEHAVIOR
I added APP_DEBUG=0:
APP_ENV=prod1
APP_DEBUG=0
APP_SECRET=928374923784mysecretkey92837498273
and debug pages don't appear - CORRECT BEHAVIOR
So as you can see I can't reproduce this bug. In Symfony 4.2.2 everything seems to work properly. Search for an error in your project or web server configuration because this is the cause of the problem. I think that you overwrite the APP_DEBUG variable somewhere. Maybe in Apache/Nginx virtualhost configuration:
As Siavas wrote, it can also be a cache. Try to delete the var/log directory manually and run composer install
Unfortunately I don't have more ideas, if the project is not strictly secret, you can share it on github, maybe then I will be able to help you more
Solution 3:[3]
Your configuration is correct.
Most likely this is a caching issue: try running php bin/console cache:clear.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | |
| Solution 3 |