Local and production should match even for Laravel tools
Episode 150

No Compromises · Joel Clermont and Aaron Saray

April 11, 2026 · 13m 15s

Show Notes

Ever installed a Laravel package locally and immediately accessed it, only to wonder later whether your access controls are actually working in production?

In the latest episode of the No Compromises podcast, we discuss why tools like Telescope and Horizon behave differently in local environments versus production, and why that inconsistency is a problem worth solving.

We make the case that developer convenience should never come at the cost of security confidence. If your gate logic cannot be exercised locally, you cannot truly trust it is protecting your production environment.

We also dig into how Aaron worked around the issue by overriding the package's service provider logic, and why Laravel has since made this easier to handle cleanly.

  • (00:00) - Why local and production environments should match
  • (01:42) - How Telescope's gate logic behaves differently locally
  • (03:01) - The risk of untestable access control logic
  • (07:53) - How Aaron overrode the service provider to fix it
  • (10:23) - Silly bit

Topics

Laravel, PHP, web development, software development, Laravel Telescope, access control, testing practices, local vs production, debugging Laravel, backend development, developer workflow