[closed] Debug flag for containers/rules


#1

Hello,

I will change and submit a PR this evening but I thought I run this by the forum first:

This is about showing debug information when an error occurs in the display of a rule. Currently FarCry checks the url, but I think it should be checking request.mode.debug - what do you guys think? My reasoning is that the url bypasses any authentication/security and could expose information (such as paths) which can assist an attacker.

The line in question is:

Cheers


#2

It’s also inconvenient to have to keep typing debug on the URL. We infrequently use containers these days so its less of a nuisance than it use to be.

All the request.mode stuff should really be centrally managed and referenced via function calls; but ahead of any large scale refactoring little fixes here and there that just make sense are most welcome.


#3

Sorry for the delay!


#4

Thanks, I’ve merged the PR :slight_smile:


#5

Instead of breaking this functionality for everyone, why not have url.debug look for the updateappkey value set in the farcryConstructor (or allow a boolean if we’re logged in)? We do this with updateall and updateapp, so devs are already used to it.

This way when we still need the url var in a pinch, it’s still available (I know I use it often) and we can still use request.mode.debug in other situations.


#6

FarCry already does this - as far as I can see.

Setting the url debug value to the updateappkey sets request.mode.debug to 1. You can also just set url debug to 1 if you are logged into the webtop.

This is the same for all request.mode values.


#7

Okay, cool. Thanks…