I will change and submit a PR this evening but I thought I run this by the forum first:
This is about showing debug information when an error occurs in the display of a rule. Currently FarCry checks the url, but I think it should be checking
request.mode.debug - what do you guys think? My reasoning is that the url bypasses any authentication/security and could expose information (such as paths) which can assist an attacker.
The line in question is: