How to Solve Facade\Ignition\Http\Middleware\IgnitionEnabled?
+--------+----------+----------------------------+------+------------------------------------------------------------+------------
| Domain | Method   | URI                        | Name | Action                                                     | Middleware |
+--------+----------+----------------------------+------+------------------------------------------------------------+------------
|        | GET|HEAD | /                          |      | Closure                                                    | web |
|        | POST     | _ignition/execute-solution |      | Facade\Ignition\Http\Controllers\ExecuteSolutionController | Facade\Ignition\Http\Middleware\IgnitionEnabled,Facade\Ignition\Http\Middleware\IgnitionConfigValueEnabled:enableRunnableSolutions |
|        | GET|HEAD | _ignition/health-check     |      | Facade\Ignition\Http\Controllers\HealthCheckController     | Facade\Ignition\Http\Middleware\IgnitionEnabled |
|        | GET|HEAD | _ignition/scripts/{script} |      | Facade\Ignition\Http\Controllers\ScriptController          | Facade\Ignition\Http\Middleware\IgnitionEnabled |
|        | POST     | _ignition/share-report     |      | Facade\Ignition\Http\Controllers\ShareReportController     | Facade\Ignition\Http\Middleware\IgnitionEnabled,Facade\Ignition\Http\Middleware\IgnitionConfigValueEnabled:enableShareButton |
|        | GET|HEAD | _ignition/styles/{style}   |      | Facade\Ignition\Http\Controllers\StyleController           | Facade\Ignition\Http\Middleware\IgnitionEnabled |
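
You can't solve it; these are the routes of Laravel 6's new debugging package, called Facade/Ignition.
They are required so that Laravel can show you errors when they occur.
So ignore them.
But if you want to remove these routes (not recommended), you can remove this line from composer.json:
"require-dev": {
    "facade/ignition": "^1.4", <--- Remove this one
    "fzaninotto/faker": "^1.4",
    "mockery/mockery": "^1.0",
    "nunomaduro/collision": "^3.0",
    "phpunit/phpunit": "^8.0"
},
and run
composer update
But you will not see the custom error pages; instead you get the default PHP7 error table and stack trace.
You can still get the old package by installing filp/whoops:
composer require filp/whoops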

If a random attacker is making a lot of POST requests to /_ignition/execute-solution on your production server, and you notice that the request invokes the following controller and middleware:
Controller Facade\Ignition\Http\Controllers\ExecuteSolutionController
Middleware Facade\Ignition\Http\Middleware\IgnitionEnabled, Facade\Ignition\Http\Middleware\IgnitionConfigValueEnabled:enableRunnableSolutions
you must set APP_DEBUG to false in your .env file, instead of removing the Facade/Ignition package.

The latest solution for this problem:
- Update facade/ignition:
composer update facade/ignition
- If you don't have config/ignition.php, then run:
php artisan vendor:publish --tag=ignition-config
- Then make this edit:
'enable_runnable_solutions' => false,
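
A check for the two settings the answers above name, as an added example that is not part of the original answers or of Laravel/Ignition. It reads only `.env` and `config/ignition.php` on disk (real environment variables and cached config are not inspected); `audit_ignition`, `make_sample` and the sample project are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Laravel project for the two settings named in the answers.
# Prints one line per finding; the return status is the number of findings.
audit_ignition() {
    dir=$1
    findings=0
    cfg="$dir/config/ignition.php"

    # Check 1: every APP_DEBUG assignment in .env. Empty, false, 0 and null
    # forms are treated as disabled; any other value is reported.
    if [ -f "$dir/.env" ]; then
        for debug in $(sed -n 's/^[[:space:]]*APP_DEBUG[[:space:]]*=//p' "$dir/.env" |
            tr -d "\"' \t\r" | tr '[:upper:]' '[:lower:]'); do
            case $debug in
                false|'(false)'|0|null|'(null)'|empty|'(empty)') ;;
                *) echo "FINDING: APP_DEBUG=$debug in $dir/.env, set it to false"
                   findings=$((findings + 1)) ;;
            esac
        done
    fi

    # Check 2 applies only when the package is installed (Composer's vendor path).
    # The grep is anchored at line start so a commented-out entry does not count.
    [ -d "$dir/vendor/facade/ignition" ] || return "$findings"
    if [ ! -f "$cfg" ]; then
        echo "FINDING: $cfg missing, run: php artisan vendor:publish --tag=ignition-config"
        findings=$((findings + 1))
    elif ! grep -Eq "^[[:space:]]*['\"]enable_runnable_solutions['\"][[:space:]]*=>[[:space:]]*false[[:space:]]*," "$cfg"; then
        echo "FINDING: 'enable_runnable_solutions' => false not found in $cfg"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample project (not real data): $1 = APP_DEBUG value, $2 = config value.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/config" "$d/vendor/facade/ignition"
    printf 'APP_ENV=production\nAPP_DEBUG=%s\n' "$1" > "$d/.env"
    printf "<?php\nreturn [\n    'enable_runnable_solutions' => %s,\n];\n" "$2" > "$d/config/ignition.php"
    echo "$d"
}

if [ "$#" -gt 0 ]; then
    audit_ignition "$1"
else
    sample=$(make_sample true true)
    audit_ignition "$sample" || echo "findings: $?"
    rm -rf "$sample"
fi
```

Run it with the project root as the only argument; a non-zero exit status is the number of findings, so it can gate a deployment step.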