Reputation: 265
| Domain | Method | URI | Name | Action | Middleware |
+--------+----------+----------------------------+------+--------+------------+
| | GET|HEAD | / | | Closure | web |
| | POST | _ignition/execute-solution | | Facade\Ignition\Http\Controllers\ExecuteSolutionController | Facade\Ignition\Http\Middleware\IgnitionEnabled,Facade\Ignition\Http\Middleware\IgnitionConfigValueEnabled:enableRunnableSolutions |
| | GET|HEAD | _ignition/health-check | | Facade\Ignition\Http\Controllers\HealthCheckController | Facade\Ignition\Http\Middleware\IgnitionEnabled |
| | GET|HEAD | _ignition/scripts/{script} | | Facade\Ignition\Http\Controllers\ScriptController | Facade\Ignition\Http\Middleware\IgnitionEnabled |
| | POST | _ignition/share-report | | Facade\Ignition\Http\Controllers\ShareReportController | Facade\Ignition\Http\Middleware\IgnitionEnabled,Facade\Ignition\Http\Middleware\IgnitionConfigValueEnabled:enableShareButton |
| | GET|HEAD | _ignition/styles/{style} | | Facade\Ignition\Http\Controllers\StyleController | Facade\Ignition\Http\Middleware\IgnitionEnabled |
Upvotes: 9
Views: 20812
Reputation: 31
I tried both solutions:
1. IGNITION_ENABLE_RUNNABLE_SOLUTIONS=false in .env and APP_DEBUG=false
2. composer update facade/ignition
and I am still under attack:
local.INFO: POST /_ignition/execute-solution - Body: {"solution":"Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution","parameters":{"variableName":"zzzz","viewFile":"php:\/\/filter\/write=convert.iconv.utf-8.utf-16le|convert.quoted-printable-encode|convert.iconv.utf-16le.utf-8|convert.base64-decode\/resource=..\/storage\/logs\/laravel.log"}} - Headers: {"host":["13.238.123.22:80"],"user-agent":["Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/78.0.3904.108 Safari\/537.36"],"connection":["close"],"content-length":["356"],"content-type":["application\/json"],"accept-encoding":["gzip"]} - Files:
Here is my plugin version of facade/ignition:
name : facade/ignition
descrip. : A beautiful error page for Laravel applications.
keywords : error, flare, laravel, page
versions : * 2.17.7
Upvotes: 0
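A log triage sketch for the request format quoted in the post above, added here as an example and not part of any answer or of facade/ignition. It flags POSTs to /_ignition/execute-solution whose parameters carry a stream wrapper or `..` traversal; the log layout, the names `inspect` and `scan`, and the sample lines are assumptions constructed for the example.

```python
import json
import re

# Assumed log shape, copied from the line quoted in the post above:
#   local.INFO: POST <path> - Body: {json} - Headers: {json} - Files:
REQ = re.compile(r"\b(?P<method>[A-Z]+) (?P<path>/\S*) - Body: ")
ROUTE = "/_ignition/execute-solution"
WRAPPER = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)   # php://, phar://, ...
TRAVERSAL = re.compile(r"(^|[/\\=])\.\.([/\\]|$)")      # ".." after / \ or =

def inspect(line):
    """Return a finding for a POST to the Ignition route, else None."""
    m = REQ.search(line)
    if not m or m["method"] != "POST" or m["path"].split("?")[0] != ROUTE:
        return None
    finding = {"solution": None, "flags": []}
    try:
        # raw_decode parses one JSON value and stops before " - Headers: ...".
        body, _ = json.JSONDecoder().raw_decode(line, m.end())
        items = body["parameters"].items()
        finding["solution"] = body["solution"]
    except (ValueError, KeyError, TypeError, AttributeError):
        finding["flags"].append("unparseable-body")
        return finding
    for key, value in items:
        if isinstance(value, str) and WRAPPER.match(value):
            finding["flags"].append(f"{key}:stream-wrapper")
        if isinstance(value, str) and TRAVERSAL.search(value):
            finding["flags"].append(f"{key}:path-traversal")
    return finding

def scan(lines):
    return [(n, f) for n, f in enumerate(map(inspect, lines), 1) if f is not None]

# Constructed sample lines (not real traffic); 203.0.113.10 is a documentation address.
HDRS = ' - Headers: {"host":["203.0.113.10:80"]} - Files:'
SOL = r'"solution":"Facade\\Ignition\\Solutions\\MakeViewVariableOptionalSolution"'
SAMPLE = [
    "local.INFO: GET / - Body: []" + HDRS,
    "local.INFO: POST " + ROUTE + " - Body: {" + SOL
    + ',"parameters":{"variableName":"x","viewFile":"resources/views/a.blade.php"}}' + HDRS,
    "local.INFO: POST " + ROUTE + " - Body: {" + SOL
    + r',"parameters":{"variableName":"x","viewFile":"php:\/\/filter\/resource=..\/storage\/logs\/laravel.log"}}' + HDRS,
    "local.INFO: POST " + ROUTE + ' - Body: {"solution":"Fac',
]

if __name__ == "__main__":
    for n, f in scan(SAMPLE):
        print(n, f["solution"], f["flags"] or ["route-hit"])
```

A finding with an empty flag list is still a request to the route; on a production host with APP_DEBUG=false that route should not be answering at all.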
Reputation: 1
Put IGNITION_ENABLE_RUNNABLE_SOLUTIONS=false in .env and APP_DEBUG=false.
Upvotes: 0
Reputation: 3656
Up to date solution for this problem:
facade/ignition: composer update facade/ignition
config/ignition.php, then run: php artisan vendor:publish --tag=ignition-config
'enable_runnable_solutions' => false,
Upvotes: 3
Reputation: 16062
If you have a lot of POST requests to /_ignition/execute-solution on your production server from a random attacker, and you notice that the requests call the following controller and middlewares:
Controller: Facade\Ignition\Http\Controllers\ExecuteSolutionController
Middleware: Facade\Ignition\Http\Middleware\IgnitionEnabled, Facade\Ignition\Http\Middleware\IgnitionConfigValueEnabled:enableRunnableSolutions
you have to set APP_DEBUG to false in your .env file instead of removing the Facade/Ignition package.
Upvotes: 12
Reputation: 11044
It's not a problem to solve; these are the routes of the new debugging package for Laravel 6 called Facade/Ignition.
They are required so Laravel can show you errors when they occur.
So just ignore them.
However, if you want to remove these routes (which is not recommended), you can remove this line from composer.json:
"require-dev": {
"facade/ignition": "^1.4", <--- Remove this one
"fzaninotto/faker": "^1.4",
"mockery/mockery": "^1.0",
"nunomaduro/collision": "^3.0",
"phpunit/phpunit": "^8.0"
},
And run:
composer update
But then you wouldn't see custom error pages but the default PHP7 errors table and stack trace.
You can still get the old package filp/whoops by installing it:
composer require filp/whoops
Upvotes: 8