Hello,
I will change and submit a PR this evening but I thought I run this by the forum first:
This is about showing debug information when an error occurs in the display of a rule. Currently FarCry checks the url, but I think it should be checking request.mode.debug - what do you guys think? My reasoning is that the url bypasses any authentication/security and could expose information (such as paths) which can assist an attacker.
The line in question is:
Cheers
Itās also inconvenient to have to keep typing debug on the URL. We infrequently use containers these days so its less of a nuisance than it use to be.
All the request.mode stuff should really be centrally managed and referenced via function calls; but ahead of any large scale refactoring little fixes here and there that just make sense are most welcome.
Sorry for the delay!
Thanks, Iāve merged the PR 
Instead of breaking this functionality for everyone, why not have url.debug look for the updateappkey value set in the farcryConstructor (or allow a boolean if weāre logged in)? We do this with updateall and updateapp, so devs are already used to it.
This way when we still need the url var in a pinch, itās still available (I know I use it often) and we can still use request.mode.debug in other situations.
FarCry already does this - as far as I can see.
Setting the url debug value to the updateappkey sets request.mode.debug to 1. You can also just set url debug to 1 if you are logged into the webtop.
This is the same for all request.mode values.
Okay, cool. Thanksā¦