English
English
ThinkPHP is a lightweight PHP development framework offering abundant tools and thorough documentation to help developers quickly build applications. The Trace debug mode is a built-in feature that shows real-time debugging information such as request parameters, database queries, and SQL execution times, facilitating problem diagnosis during development. However, leaving Trace mode enabled in production can expose sensitive information and pose security risks. Therefore, it is recommended to disable Trace mode in production environments. This article explains the detailed steps to disable Trace mode.
The most straightforward way to disable Trace mode is by editing the configuration file. Open the config.php file located in the project root directory and locate the following configuration:
<?php
// Enable application Trace debug mode
'trace' => [
// Built-in Html Console support extension
'type' => 'Html',
],
// Other configuration options
// ...
Change this to disable Trace mode as follows:
<?php
// Disable application Trace debug mode
'trace' => false,
// Other configuration options
// ...
Another way to disable Trace mode is through environment variables. Open the .env file in the project root directory and find the Trace debug related setting:
# Enable application Trace debug mode
APP_TRACE=true
# Other configuration options
# ...
Change APP_TRACE=true to APP_TRACE=false to turn off Trace mode.
After disabling Trace mode, ensure the setting is effective by triggering a 404 error page. You can call a non-existent method in a controller and check the page source of the resulting error page.
If Trace mode is still enabled, the page source will include HTML code related to Trace debug info, such as:
<div id="think_trace" class="trace">
<h1>404 Error</h1>
<p>Unfortunately, the page you requested does not exist.</p>
<p><a href="javascript:;" onclick="window.history.back();">Back</a></p>
</div>
If Trace mode is disabled, the source will only show a simple 404 error message:
<h1>404 Error</h1>
<p>Unfortunately, the page you requested does not exist.</p>
By editing either the configuration file or environment variables, developers can easily disable the Trace debug mode in ThinkPHP to prevent leakage of sensitive debugging information in production environments, thus improving application security. It is highly recommended to verify that Trace mode is turned off before deploying your application to ensure stable operation and data protection.
