Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Browse files

Merge pull request #50 from alphagov/disable_limited_exception_pages_…


Disable (limited) exception/debug pages in production
  • Loading branch information...
commit e79accfe2bee01124769852978762b1e1ca9a41b 2 parents 8a757f0 + d012493
@heathd heathd authored
Showing with 8 additions and 0 deletions.
  1. +8 −0 config/environments/production.rb
8 config/environments/production.rb
@@ -7,6 +7,14 @@
# Full error reports are disabled and caching is turned on
config.consider_all_requests_local = false
config.action_controller.perform_caching = true
+ # Disable even limited exception/debug pages in production for two reasons:
+ # 1) our backend rails apps get X-Forwarded-For & Client-IP for all requests
+ # as 10.x.x.x, which is a trusted proxy. This means they render the
+ # limited exception/debug pages.
+ # 2) our backend rails apps receive requests from other apps that might
+ # appear to be on trusted proxy IPs, so we might render exception/debug
+ # page, which could then be exposed in a frontend app to the world.
+ config.action_dispatch.show_exceptions = false
# Disable Rails's static asset server (Apache or nginx will already do this)
config.serve_static_assets = false

0 comments on commit e79accf

Please sign in to comment.
Something went wrong with that request. Please try again.