[WebProfilerBundle] Display environment variables #22406
Conversation
|
What if there are passwords in there? |
|
@iltar although your concern is true, we may already display passwords and other sensitive information in other panels. That's why it's suicidal to put the profiler in production or forget to remove app_dev.php (luckily Symfony Flex will avoid this issue). |
|
@javiereguiluz We use |
|
@iltar How could you distinguish sensitive data? |
|
I wonder how usefull this is. Profilers should show request dependent data, data that changes per request. Env variables are bound to the server, not the request, isn't it? |
It’s usefull when you use the environment variables to configure your application. http://fabien.potencier.org/symfony4-best-practices.html#environment-variables |
Yeah, but it doesn't change per request. If people find it usefull to get this information, I think a |
It’s possible. You can define a variable from bash command.
It’s a good idea, however environment variables may be different between the command line and the web server. |
|
I think @wouterj is right. The web profiler is about "things" that are related to the current request. |
|
@sanpii don't worry if this proposal is rejected. When using the new Dotenv component (as in Symfony Flex, Symfony 4.0, etc.) those env vars already appear in the profiler thanks to this line: https://github.com/symfony/dotenv/blob/master/Dotenv.php#L76 In this example, the
|
|
Good catch @javiereguiluz, then we're all good. |
|
@javiereguiluz I didn’t see, thank you! |
With the new dotenv component it’s usefull to have environment variables in the profiler page.