Disable Symfony debug and profiler in production-like configs | Critiq Docs

#Metadata

Rule ID: php.security.symfony-debug-exposure
Severity: high
Confidence: 0.88
Languages: php
Presets: security, strict
Stability: stable
Applies to: block
Tags: debug, php, rules-catalog, security, symfony

#Why it matters

Debug and profiler exposure can leak internals, stack traces, secrets, and request details.

#Remediation

Keep `APP_DEBUG=0` in production and disable profiler bundles/toolbars outside local dev/test environments.

#Repository path

The generated metadata points to critiq-rules/libs/rules/catalog/rules/php/php.security.symfony-debug-exposure.rule.yaml.

Back to directory Open rule in repository