'Symfony 4: hide debug stacktrace in non prod environment

I have 2 production environments which are prod1 and prod2 they differ in configuration like database and business logic. It is basicallya master-slave relationship.

I want to hide the debug stacktrace from the user like in normal production environments. This should be possible by setting APP_DEBUG=0 in .env file.

APP_DEBUG=0

But I get the debug screen:

enter image description here

But strangely this does not work, only if I set APP_ENV to prod, no debug stacktraces are shown.

My .env file looks like this:

APP_ENV=prod1
APP_DEBUG=0
APP_SECRET=xxxxxxxaxaxaxa

I checked the parameters in public/index.php and there are correct transported:

$env = 'prod1';
$debug = false;
$kernel = new Kernel($env, $debug);

Im am using Symfony 4.2.2 with symfony/env.

Can anybody reproduce this behaviour? Might this be a Symfony or symfony/env Bug?



Solution 1:[1]

The problem was, that I missconfigured ExceptionController in my project:

  1. the FOSRestBundle has its own ExceptionController for displaying json/xml Exceptions

You configure it in your config/fos_rest.yaml:

fos_rest
    exception:
        enabled: true
        exception_controller: 'App\Controller\ExceptionController::handleExceptionAction'
  1. Twig is the default ExceptionController for symfony

You configure it in your config/twig.yaml:

twig:
    debug: '%kernel.debug%'
    exception_controller: App\Controller\ExceptionController::showException

The Exception Handler, that was used was the fos_rest one which I missconfigured in my services.yaml:

App\Controller\ExceptionController:
  - '@fos_rest.view_handler.default'
  - '@fos_rest.exception.messages_map'
  -  true   <------ this should be '%kernel.debug%'
  - '@templating.engine.twig'
  - '@logger'

The problem was, that the third parameter should be %kernel.debug% here.

In the end, I ended up to have 2 ExceptionControllers, one for the API with json format Response and for the Sonata Backend, the standard Twig Exception Controller. The only solution was, to forward the request from one Controller to the other:

 <?php

namespace App\Controller;

use Psr\Log\LoggerInterface;
use Symfony\Component\Debug\Exception\FlattenException;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface;
use Symfony\Bundle\TwigBundle\Controller\ExceptionController as TwigExceptionController;

class ExceptionController
{
    protected $debug;

    /**
     * @var TwigExceptionController
     */
    protected $twigExceptionController;

    /**
     * @param bool $debug
     * @param TwigExceptionController $twigExceptionController
     */
    public function __construct(
        bool $debug,
        TwigExceptionController $twigExceptionController
    )
    {
        $this->debug = $debug;
        $this->twigExceptionController = $twigExceptionController;
    }

    /**
     * Converts an Exception to a Response.
     *
     * @param Request                   $request
     * @param FlattenException     $exception
     * @param LoggerInterface $logger
     *
     * @return Response
     */
    public function handleExceptionAction(Request $request, FlattenException $exception, LoggerInterface $logger): Response
    {    
        if (!stristr( strtolower($request->getUri()), '/api/')) {
            return $this->twigExceptionController->showAction($request, $exception, $logger);
        }

        $currentContent = $this->getAndCleanOutputBuffering($request->headers->get('X-Php-Ob-Level', -1));
        if ($currentContent) {
            $logger->error('current content: '.$currentContent);
        }

        $code = $this->getStatusCode($exception);
        $response = new JsonResponse();
        $response->setStatusCode($code);
        $response->setData([
            'message' => $exception->getMessage(),
            'code' => $code
        ]);
        return $response;
    }


    /**
     * Determines the status code to use for the response.
     *
     * @param \Exception $exception
     *
     * @return int
     */
    protected function getStatusCode($exception): int
    {
        if (method_exists($exception, 'getCode') && $exception->getCode() > 0) {
            return $exception->getCode();
        }
        if (method_exists($exception, 'getStatusCode') && $exception->getStatusCode() > 0) {
            return $exception->getStatusCode();
        }

        return 500;
    }

    /**
     * Gets and cleans any content that was already outputted.
     *
     * This code comes from Symfony and should be synchronized on a regular basis
     * see src/Symfony/Bundle/TwigBundle/Controller/ExceptionController.php
     *
     * @return string
     */
    private function getAndCleanOutputBuffering($startObLevel)
    {
        if (ob_get_level() <= $startObLevel) {
            return '';
        }
        Response::closeOutputBuffers($startObLevel + 1, true);
        return ob_get_clean();
    }
}

Solution 2:[2]

I have several projects written in Symfony 4. To reproduce your error I updated one of my projects to Symfony 4.2.2. All Symfony dependencies:

symfony/browser-kit                              v4.2.2             Symfony BrowserKit Component
symfony/cache                                    v4.2.2             Symfony Cache component with PSR-6, PSR-16, and tags
symfony/class-loader                             v3.4.21            Symfony ClassLoader Component
symfony/config                                   v4.2.2             Symfony Config Component
symfony/console                                  v4.2.2             Symfony Console Component
symfony/contracts                                v1.0.2             A set of abstractions extracted out of the Symfony components
symfony/css-selector                             v4.2.2             Symfony CssSelector Component
symfony/debug                                    v4.2.2             Symfony Debug Component
symfony/dependency-injection                     v4.2.2             Symfony DependencyInjection Component
symfony/doctrine-bridge                          v4.2.2             Symfony Doctrine Bridge
symfony/dom-crawler                              v4.2.2             Symfony DomCrawler Component
symfony/dotenv                                   v4.2.2             Registers environment variables from a .env file
symfony/event-dispatcher                         v4.2.2             Symfony EventDispatcher Component
symfony/filesystem                               v4.2.2             Symfony Filesystem Component
symfony/finder                                   v4.2.2             Symfony Finder Component
symfony/flex                                     v1.1.8             Composer plugin for Symfony
symfony/form                                     v4.2.2             Symfony Form Component
symfony/framework-bundle                         v4.2.2             Symfony FrameworkBundle
symfony/http-foundation                          v4.2.2             Symfony HttpFoundation Component
symfony/http-kernel                              v4.2.2             Symfony HttpKernel Component
symfony/inflector                                v4.2.2             Symfony Inflector Component
symfony/intl                                     v4.2.2             A PHP replacement layer for the C intl extension that includes additional data from the ICU library.
symfony/maker-bundle                             v1.11.3            Symfony Maker helps you create empty commands, controllers, form classes, tests and more so you can forget about writing boilerplate code.
symfony/monolog-bridge                           v4.2.2             Symfony Monolog Bridge
symfony/monolog-bundle                           v3.3.1             Symfony MonologBundle
symfony/options-resolver                         v4.2.2             Symfony OptionsResolver Component
symfony/orm-pack                                 v1.0.6             A pack for the Doctrine ORM
symfony/polyfill-intl-icu                        v1.10.0            Symfony polyfill for intl's ICU-related data and classes
symfony/polyfill-mbstring                        v1.10.0            Symfony polyfill for the Mbstring extension
symfony/polyfill-php72                           v1.10.0            Symfony polyfill backporting some PHP 7.2+ features to lower PHP versions
symfony/process                                  v4.2.2             Symfony Process Component
symfony/profiler-pack                            v1.0.4             A pack for the Symfony web profiler
symfony/property-access                          v4.2.2             Symfony PropertyAccess Component
symfony/routing                                  v4.2.2             Symfony Routing Component
symfony/security-bundle                          v4.2.2             Symfony SecurityBundle
symfony/security-core                            v4.2.2             Symfony Security Component - Core Library
symfony/security-csrf                            v4.2.2             Symfony Security Component - CSRF Library
symfony/security-guard                           v4.2.2             Symfony Security Component - Guard
symfony/security-http                            v4.2.2             Symfony Security Component - HTTP Integration
symfony/stopwatch                                v4.2.2             Symfony Stopwatch Component
symfony/swiftmailer-bundle                       v3.2.5             Symfony SwiftmailerBundle
symfony/templating                               v4.2.2             Symfony Templating Component
symfony/translation                              v4.2.2             Symfony Translation Component
symfony/twig-bridge                              v4.2.2             Symfony Twig Bridge
symfony/twig-bundle                              v4.2.2             Symfony TwigBundle
symfony/validator                                v4.2.2             Symfony Validator Component
symfony/var-dumper                               v4.2.2             Symfony mechanism for exploring and dumping PHP variables
symfony/var-exporter                             v4.2.2             A blend of var_export() + serialize() to turn any serializable data structure to plain PHP code
symfony/web-profiler-bundle                      v4.2.2             Symfony WebProfilerBundle
symfony/web-server-bundle                        v4.2.2             Symfony WebServerBundle
symfony/yaml                                     v4.2.2             Symfony Yaml Component

For clarity - I'm running this project in production environment and I use Apache2 for this job.

In my project I have only one .env file without any *.local files with environment variables. The file looks like this:

APP_ENV=prod
APP_SECRET=928374923784mysecretkey92837498273

With these settings I don't see debug pages - CORRECT BEHAVIOR

APP_ENV=prod
APP_DEBUG=1
APP_SECRET=928374923784mysecretkey92837498273

If I add variable APP_DEBUG with value 1 - debug page is displayed - CORRECT BEHAVIOR

I added a custom environment with name prod1:

APP_ENV=prod1
APP_SECRET=928374923784mysecretkey92837498273

Now debug pages are visible by default - CORRECT BEHAVIOR

I added APP_DEBUG=0:

APP_ENV=prod1
APP_DEBUG=0
APP_SECRET=928374923784mysecretkey92837498273

and debug pages don't appear - CORRECT BEHAVIOR


So as you can see I can't reproduce this bug. In Symfony 4.2.2 everything seems to work properly. Search for an error in your project or web server configuration because this is the cause of the problem. I think that you overwrite the APP_DEBUG variable somewhere. Maybe in Apache/Nginx virtualhost configuration:

More informations here

enter image description here

As Siavas wrote, it can also be a cache. Try to delete the var/log directory manually and run composer install


Unfortunately I don't have more ideas, if the project is not strictly secret, you can share it on github, maybe then I will be able to help you more

Solution 3:[3]

Your configuration is correct.

Most likely this is a caching issue: try running php bin/console cache:clear.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2
Solution 3