Hiding Environment Variables From Debug Pages
When an exception is uncaught and the APP_DEBUG
environment variable is true
,
the debug page will show all environment variables and their contents.
In some cases you may want to obscure certain variables. You may do this
by updating the debug_blacklist
option in your config/app.php
configuration file.
Some variables are available in both the environment variables and
the server / request data. Therefore, you may need to blacklist them for
both $_ENV
and $_SERVER
:
return [
// ...
'debug_blacklist' => [
'_ENV' => [
'APP_KEY',
'DB_PASSWORD',
],
'_SERVER' => [
'APP_KEY',
'DB_PASSWORD',
],
'_POST' => [
'password',
],
],
];