Rails application running in development mode
Description
This Ruby on Rails application is configured to run in development mode rather than production mode. Development mode is designed for local testing and debugging, and enables verbose error pages, automatic code reloading, and detailed diagnostic information. When exposed in a production environment, these features can leak sensitive application internals including source code paths, database schema details, environment variables, and stack traces to unauthorized users.
Remediation
Configure the Rails application to run in production mode immediately. This involves setting the RAILS_ENV environment variable and ensuring proper production configuration:
1. Set the environment variable before starting the server:
export RAILS_ENV=production
rails server
2. Alternatively, specify the environment when starting the server:
rails server -e production
3. For deployment environments, ensure your web server (Nginx, Apache, Passenger, etc.) is configured to set RAILS_ENV=production.
4. Verify the production environment configuration in config/environments/production.rb includes:
config.consider_all_requests_local = false
config.action_controller.perform_caching = true
5. After switching to production mode, precompile assets and restart the application server to ensure all changes take effect.
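The checks in steps 1 to 4 can be run as a deployment preflight. The following is an added example, not part of the original advisory or of Rails itself: the helper names (effective_rails_env, parse_settings, audit_rails_deploy) are hypothetical and the sample input is constructed. It also covers the case where RAILS_ENV is never set, in which Rails falls back to RACK_ENV and then to development.

```ruby
# Added example; helper names are hypothetical, sample input is constructed.
REQUIRED = {
  "config.consider_all_requests_local" => "false",
  "config.action_controller.perform_caching" => "true"
}.freeze

# Rails uses RAILS_ENV, then RACK_ENV, then falls back to "development".
def effective_rails_env(env)
  %w[RAILS_ENV RACK_ENV].each do |name|
    value = env[name].to_s
    return value unless value.strip.empty?
  end
  "development"
end

# Last assignment wins; commented-out lines do not count as configured.
def parse_settings(source)
  source.each_line.with_object({}) do |line, settings|
    code = line.sub(/#.*/, "").strip
    match = code.match(/\A(config\.[\w.]+)\s*=\s*(.+)\z/)
    settings[match[1]] = match[2].strip if match
  end
end

# Returns a list of findings; an empty list means the checks passed.
def audit_rails_deploy(env, production_rb)
  findings = []
  mode = effective_rails_env(env)
  findings << "environment is #{mode}, expected production" unless mode == "production"
  settings = parse_settings(production_rb)
  REQUIRED.each do |key, want|
    got = settings[key]
    findings << "#{key} is not set" if got.nil?
    findings << "#{key} = #{got}, expected #{want}" if got && got != want
  end
  findings
end

# Constructed sample: RAILS_ENV never exported, one setting wrong, one commented out.
SAMPLE_ENV = { "PATH" => "/usr/bin" }.freeze
SAMPLE_PRODUCTION_RB = <<~RUBY
  Rails.application.configure do
    config.consider_all_requests_local = true  # left over from debugging
    # config.action_controller.perform_caching = true
  end
RUBY

puts audit_rails_deploy(SAMPLE_ENV, SAMPLE_PRODUCTION_RB)
```

In a real preflight, pass ENV.to_h and File.read("config/environments/production.rb") and fail the deployment when the returned list is not empty.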