Laravel Ignition Exposure

Easy

Checks whether the Laravel Ignition error page is exposed in production.

Estimated fix time: 5 minutes

What is Ignition?

Ignition is Laravel's error page, which shows detailed stack traces and debugging information. It should never be accessible in production, because it exposes critical application details.

Security Impact

Severity: Critical

  • Complete application structure exposure
  • Environment variables visible
  • Database queries revealed
  • File paths disclosed
  • Dependency information exposed

How to Fix

1. Disable Debug Mode

APP_DEBUG=false
APP_ENV=production

2. Clear Configuration Cache

php artisan config:clear
php artisan config:cache

3. Restrict Ignition in Production

// config/ignition.php
'enable_share_button' => env('APP_DEBUG', false),
'enable_runnable_solutions' => env('APP_DEBUG', false),

4. Remove from Production (Optional)

composer remove spatie/laravel-ignition --dev

Or keep it as a development-only dependency in composer.json:

{
    "require-dev": {
        "spatie/laravel-ignition": "^2.0"
    }
}
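
A pre-deploy check for steps 1 and 4 above, written as an added example (it is not StackShield's or Laravel's own code). The function names, the simplified .env parsing and the strict rule that APP_DEBUG must be set explicitly to false are assumptions made for illustration; the sample inputs are constructed.

```python
import json

PACKAGE = "spatie/laravel-ignition"  # package name as given on this page

def parse_dotenv(text):
    """Minimal .env reader (assumption: KEY=VALUE lines, '#' comments, optional quotes)."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        if line.startswith("export "):
            line = line[len("export "):].lstrip()
        key, _, value = line.partition("=")
        value = value.strip()
        if value[:1] in ("'", '"'):
            end = value.find(value[0], 1)  # position of the closing quote
            value = value[1:end] if end != -1 else value[1:]
        else:
            value = value.split(" #", 1)[0].strip()  # drop an inline comment
        values[key.strip()] = value
    return values

def audit(dotenv_text, composer_json_text):
    """Return a list of findings; an empty list means every check passed."""
    env = parse_dotenv(dotenv_text)
    findings = []
    debug = env.get("APP_DEBUG")
    if debug is None:
        findings.append("APP_DEBUG is not set explicitly")
    elif debug.lower() != "false":
        findings.append(f"APP_DEBUG={debug!r}, expected false")
    if env.get("APP_ENV") != "production":
        findings.append(f"APP_ENV={env.get('APP_ENV')!r}, expected production")
    composer = json.loads(composer_json_text)
    if PACKAGE in composer.get("require", {}):
        findings.append(f"{PACKAGE} is in require; move it to require-dev")
    return findings

# Constructed sample inputs (not taken from a real project).
BAD_ENV = 'APP_NAME="Shop"\nAPP_ENV=local\nAPP_DEBUG=true # TODO turn off\n'
GOOD_ENV = "APP_ENV=production\nAPP_DEBUG=false\n"
BAD_COMPOSER = '{"require": {"spatie/laravel-ignition": "^2.0"}}'
GOOD_COMPOSER = '{"require-dev": {"spatie/laravel-ignition": "^2.0"}}'

if __name__ == "__main__":
    for name, env_text, composer_text in [("bad", BAD_ENV, BAD_COMPOSER),
                                          ("good", GOOD_ENV, GOOD_COMPOSER)]:
        print(name, audit(env_text, composer_text) or "OK")
```

A require-dev entry is only skipped when the production deploy runs composer install --no-dev, so the composer.json check is necessary but not sufficient on its own.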

Verification Steps

  1. Set APP_DEBUG=false
  2. Trigger an error
  3. Verify generic error page is shown
  4. Confirm no stack trace visible
  5. Check Ignition is not accessible
