1)
Yes, to not show the error screen ( debug
) that in development is useful, but in production is unacceptable goes in the settings ( folder: config
) in the file app.php
and make sure you are:
'debug' => env('APP_DEBUG', false),
That is, it has a configuration file .env
that is set to true
put false
, in configuration APP_DEBUG
:
APP_ENV=local
APP_DEBUG=false
APP_KEY=base64:nwMoa0Q1chP1ksbWx+5iIeg4R7fsPlVG8ZUUk8jKEwE=
APP_URL=http://localhost
With this setting, the error screen ( debug
) is disabled.
2) Is there any way to reload this csrf_token
from time to time so there is no problem with my user?
This is a security factor, and I'm thinking that your session is expiring and therefore the csfr_token
has to be regenerated (there is the session
relation with csrf_token
). Check the folder: config
in the file session.php
as it is set lifetime
which is usually 120 minutes (% with%). Factors of 'lifetime' => 120
, programação
of server and client code ( erros
), can be factors that cause problem in checking javascript
, it is one of the (not the only) barriers that protect the your site against external attacks, check all the code that is being generated, possibly have errors that are not being observed. Want to load the screen from time to time may be a wrong alternative, I for example never had to do this with applications made with csfr_token
.
3) it's unpleasant to even check out an absurd error page.
As already explained in the 1) item, you can disable the #
ThisisthescreenthatappearswhensettingLaravel
,andthecodeisinsidethedebug
folderintheAPP_DEBUG=false
file.
Withvendor\symfony\debug\
thefilethatgeneratesthisinformationis VerifyCsrfToken.php , reading code is very advisable for learning and confirming the structure of how it is created and how this ExceptionHandler.php
is checked.
Error line of debug
VerifyCsrfToken.php , that is, in the ( csrf_token
) some of them or all return middleware
.