RoR Development Mode enabled
Description
The Ruby on Rails application is configured to run in development mode, which is intended only for local development environments. Development mode disables security features, enables verbose error pages with stack traces, exposes debugging information, and reveals internal application details such as middleware configuration, application paths, and framework internals. This configuration should never be used in production or publicly accessible environments as it significantly increases the attack surface.
Remediation
Immediately configure the Rails application to run in production mode. This can be accomplished through the following steps:
1. Set the RAILS_ENV environment variable to production:
export RAILS_ENV=production
2. If starting the server manually, explicitly specify production mode:
rails server -e production
3. For deployment environments, ensure your application server (Puma, Unicorn, Passenger, etc.) is configured with the production environment. For example, in config/puma.rb:
environment ENV.fetch("RAILS_ENV") { "production" }4. Verify the environment is correctly set by checking Rails.env in the console:
rails console Rails.env.production? # Should return true
5. Ensure all deployment scripts, systemd services, or container configurations explicitly set RAILS_ENV=production to prevent accidental reversion to development mode.