Allowing access to the console
Currently, you get the default page if you are not accessing from localhost.
Obviously, the Better Errors console is not something you want to expose to the public, and there may be sensitive information available in the backtrace.
Rails has a configuration variable named consider_all_requests_local that Better Errors uses to determine if the console can be shown.
Better Errors will only show the console if consider_all_requests_local is enabled.
It's enabled by default in development.
However, Better Errors only shows the console when consider_all_requests_local is enabled and when the IP address matches the pattern given.
So follow the instructions below to allow additional IP addresses to reach the console.
If you run your application in Vagrant, Docker, VirtualBox or another container service, you will need to take additional steps to give yourself access. See Running on virtual machines.
For example, on Rails modify config/environments/development.rb:
# Allow a specific IP address:
BetterErrors::Middleware.allow_ip! '192.168.1.2'
# Allow the local 192.168.x.x block of addresses using CIDR notation:
BetterErrors::Middleware.allow_ip! '192.168.0.0/16'
# Allow the same block using an IPAddr object:
BetterErrors::Middleware.allow_ip! IPAddr.new('192.168.0.0/16')
Note that allow_ip! is actually backed by a Set, so you can add more than one IP address or subnet.
(It would not be good practice to commit these to source control.)
To poke selective holes in this security mechanism, you can add a line like this to your startup (for example, on Rails it would be config/environments/development.rb):
BetterErrors::Middleware.allow_ip! ENV['TRUSTED_IP'] if ENV['TRUSTED_IP']
Then run Rails like this:
TRUSTED_IP=66.68.96.220 rails s
Tip: You can find your apparent IP by hitting the old error page's "Show env dump" and looking at "REMOTE_ADDR".
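An added example (not part of the Better Errors wiki or code base) that validates the TRUSTED_IP value before it is passed to allow_ip!, so a typo cannot open the console to every client. The helper names, the comma-separated format and the minimum-prefix policy are assumptions made for this illustration.

```ruby
require 'ipaddr'
require 'set'

# Assumed policy: refuse ranges wider than these prefixes so an entry such as
# "0.0.0.0/0" cannot expose the console to every client.
MIN_PREFIX_V4 = 16
MIN_PREFIX_V6 = 48

# Parse a comma-separated TRUSTED_IP value into a Set of IPAddr objects.
# Raises ArgumentError on malformed or overly broad entries; nil gives an empty Set.
def trusted_ranges(raw)
  entries = raw.to_s.split(',').map(&:strip).reject(&:empty?)
  entries.each_with_object(Set.new) do |entry, set|
    begin
      ip = IPAddr.new(entry)
    rescue IPAddr::Error
      raise ArgumentError, "TRUSTED_IP entry #{entry.inspect} is not an IP or CIDR"
    end
    min = ip.ipv4? ? MIN_PREFIX_V4 : MIN_PREFIX_V6
    if ip.prefix < min
      raise ArgumentError, "TRUSTED_IP entry #{entry.inspect} is wider than /#{min}"
    end
    set << ip
  end
end

# Local dry run of the allow-list idea described above: a client passes if any
# stored address or subnet contains its REMOTE_ADDR. This is not the gem's code.
def console_allowed?(ranges, remote_addr)
  addr = IPAddr.new(remote_addr)
  ranges.any? { |range| range.include?(addr) }
rescue IPAddr::Error
  false
end

# In config/environments/development.rb (requires the better_errors gem):
#   trusted_ranges(ENV['TRUSTED_IP']).each { |ip| BetterErrors::Middleware.allow_ip! ip }

if __FILE__ == $PROGRAM_NAME
  ranges = trusted_ranges('66.68.96.220, 192.168.0.0/16') # constructed sample value
  puts console_allowed?(ranges, '192.168.1.2')
  puts console_allowed?(ranges, '203.0.113.9')
end
```

Raising at boot on a bad entry keeps a mistyped TRUSTED_IP from silently widening or narrowing who can reach the console.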