michael/michaelschiemer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
7785e65d0884f686768292c42860fe20a9ed4901
michaelschiemer/src/Framework/ExceptionHandling/Renderers/ResponseErrorRenderer.php
Michael Schiemer 7785e65d08
All checks were successful
Test Runner / test-basic (push) Successful in 8s
Details
Test Runner / test-php (push) Successful in 7s
Details
Deploy Application / deploy (push) Successful in 1m28s
Details
fix(security): prevent debug error pages on staging/production 
Root cause: ExceptionHandlingInitializer attempted to autowire
EnvironmentType directly, but it was never registered in the DI
container. This caused the debug mode resolution to fail silently.

Changes:
- Use TypedConfiguration instead of EnvironmentType for proper DI
- Create ErrorHandlingConfig value object to centralize config
- Access debug mode via AppConfig.isDebugEnabled() which respects
  both APP_DEBUG env var AND EnvironmentType.isDebugEnabled()
- Register ErrorHandlingConfig as singleton in container
- Remove diagnostic logging from ResponseErrorRenderer

This ensures that staging/production environments (where
EnvironmentType != DEV) will not display stack traces, code context,
or file paths in error responses.
2025-11-25 15:01:40 +01:00

21 KiB
Raw Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink