Allow to change the environment, kernel.debug and HttpCache by cookie #679

Closed
wants to merge 1 commit into from

@mpdude mpdude commented Nov 17, 2019

| Q | A |
| --- | --- |
| License | MIT |
| Doc issue/PR | TODO |

I would like to propose the possibility to use cookies to change the Kernel environment, debug mode and enabling the HttpCache.

This is helpful if you want to

  • find out why things work in your dev environment, but fail with production settings
  • benchmark some requests with kernel.debug disabled or with the HttpCache
  • control the environment during high-level integration or acceptance tests

This solution is convenient because it can easily be used from a browser. Cookies will persist for subsequent requests and will not otherwise "pollute" the URL. JavaScript/Bookmarklets can be used to easily set, change or revert settings. Also, the cookies can easily be added in tools like curl, ab or a Behat/Mink session.

The alternative of editing .env files and/or the index.php file is not easily available in automated test setups. Also, you cannot have two browser instances/windows in parallel that work with different settings at the same time.

Of course, this should only be possible under very special conditions, namely your development environment. So, a SYMFONY_ALLOW_OVERRIDE environment variable must have been set in the webserver to allow it.

@ghost ghost left a comment

Pull request passes validation.

@nicolas-grekas
Member

This looks very dangerous to me. People will enable this on prod for sure. This file is yours so if you want to do this, fine, but I wouldn't make this available by default to everyone, even under an opt-in env var.

@mpdude
Author

mpdude commented Nov 18, 2019

I can accept your 👎s if the reason is just to prevent people from harming themselves. May I assume that if there were better or established ways of doing this, you would have mentioned it?

In particular, I think about running full-scale integration tests (over HTTP) on my local machine, without the need of duplicating the index.php and/or changing back and forth the APP_ENV in .env.local.

@Nyholm
Member

Nyholm commented Nov 28, 2019

As discussed on Slack:
This is a great way to easily debug applications using ESI with Symfony Cache. However, it is not used by 80% of the applications and (as Nicolas says) it makes it really easy to accidentally write insecure applications.

> May I assume that if there were better or established ways of doing this, you would have mentioned it?

I'm not aware of a workaround that does the same thing but is less secure. :/

I'm going to close this PR. But I encourage you to post this solution on a blog or a gist.

@Nyholm Nyholm closed this Nov 28, 2019
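
An added example, not code from this PR or from Symfony: one way a front controller could resolve the settings named in the PR description while narrowing the risk raised in review. The cookie names, the `'1'` opt-in value, the environment allowlist and the loopback check are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical cookie names; the page does not say which names the PR used.
const OVERRIDE_COOKIES = ['env' => 'symfony_env', 'debug' => 'symfony_debug', 'cache' => 'symfony_httpcache'];
// Assumption: only environments the project really defines may be selected.
const ALLOWED_ENVS = ['dev', 'test', 'prod'];

/**
 * Returns ['env' => string, 'debug' => bool, 'cache' => bool].
 * $server is $_SERVER, $cookies is $_COOKIE, $defaults are the values the
 * front controller would use without any override.
 */
function resolveKernelSettings(array $server, array $cookies, array $defaults): array
{
    // Gate 1 (from the PR description): opt-in variable set in the web server.
    // Assumption: the value '1' means "allowed".
    $optIn = ($server['SYMFONY_ALLOW_OVERRIDE'] ?? '') === '1';
    // Gate 2 (added assumption): the request must come from the local machine.
    $local = in_array($server['REMOTE_ADDR'] ?? '', ['127.0.0.1', '::1'], true);
    if (!$optIn || !$local) {
        return $defaults; // cookies are ignored entirely
    }

    $settings = $defaults;
    $env = $cookies[OVERRIDE_COOKIES['env']] ?? null;
    if (is_string($env) && in_array($env, ALLOWED_ENVS, true)) {
        $settings['env'] = $env;
    }
    foreach (['debug', 'cache'] as $flag) {
        $raw = $cookies[OVERRIDE_COOKIES[$flag]] ?? null;
        // Accept only the literal strings "0" and "1"; anything else keeps the default.
        if ($raw === '0' || $raw === '1') {
            $settings[$flag] = $raw === '1';
        }
    }
    return $settings;
}

// Constructed sample requests.
$defaults = ['env' => 'dev', 'debug' => true, 'cache' => false];
$cookies  = ['symfony_env' => 'prod', 'symfony_debug' => '0', 'symfony_httpcache' => '1'];

// Opt-in set, local request: the cookies apply.
var_dump(resolveKernelSettings(['SYMFONY_ALLOW_OVERRIDE' => '1', 'REMOTE_ADDR' => '127.0.0.1'], $cookies, $defaults));
// Opt-in missing: the defaults come back unchanged.
var_dump(resolveKernelSettings(['REMOTE_ADDR' => '127.0.0.1'], $cookies, $defaults));
// Opt-in set but remote client: the defaults come back unchanged.
var_dump(resolveKernelSettings(['SYMFONY_ALLOW_OVERRIDE' => '1', 'REMOTE_ADDR' => '203.0.113.7'], $cookies, $defaults));
```

Behind a reverse proxy `REMOTE_ADDR` is the proxy's address, so the loopback check does not distinguish clients there.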