Symfony debug mode enabled
Description
The Symfony framework is running with debug mode enabled in a production environment. Debug mode is designed for development purposes and exposes detailed application internals, including configuration details, environment variables, stack traces, and internal file paths. This mode should only be enabled during development and must be disabled before deploying to production.
Remediation
Disable debug mode in production environments by setting the APP_DEBUG environment variable to false. This can be accomplished through the following steps:
1. Locate your .env or .env.local file in the Symfony project root directory
2. Set the debug flag to false:
APP_DEBUG=false
3. If using environment-specific configuration files, ensure your production environment (.env.prod) has:
APP_ENV=prod APP_DEBUG=false
4. Clear the application cache after making changes:
php bin/console cache:clear --env=prod
5. Verify the change by checking that error pages no longer display detailed stack traces and debug information. Consider implementing custom error pages for production use.