redbitcz / php-debug-mode-enabler v5.0.0

PHP Debug mode enabler (not only for Nette framework)

download-cloud-line composer require redbitcz/debug-mode-enabler

PHP Debug Mode Enabler

Safe and clean way to manage Debug Mode in your app by specific environment and/or manually in App. Package automatically detects development environments and provide secure way to temporary switch Debug Mode of your App at any environment.


Package allows your app to switch to Debug Mode:

  • automatically on localhost's environment by IP,
  • semi-automatically on any environment where you set APP_DEBUG environment variable (useful for Docker dev-stack),
  • semi-automatically disable Debug mode on any environment where you set app-debug-mode cookie variable (useful for tests and similar cases),
  • manually enable/disable (force turn-on or turn-off) Debug Mode.

NOTE: Package does NOT provide any Debug tools directly – it only tells the app whether to switch to debug mode.

Package is optimized for invoking in very early lifecycle phase of your App


Package requires:

  • PHP version 8.0, 8.1, 8.2 or 8.3

Enabler requires:

  • Temporary directory with writable access

SignUrl plugin requires:


composer require redbitcz/debug-mode-enabler


Anywhere in your app you can determine if app is running in Debug mode by simple code:

$debugMode = \Redbitcz\DebugMode\Detector::detect(); //bool

It returns $debugMode = true when it detects Debug environment or manually switched.

Using with Nette

In Boostrap use package like in this example:

$debugModeDetector = new \Redbitcz\DebugMode\Detector();

$configurator = new Configurator();

I know, you love DI Container to build services like this. But Container Loader need to know Debug Mode state before is DI Container ready, you cannot use DI for Debug Mode detecting.

Using with Docker

If you are building custom Docker image for your devstack, add the environment variable APP_DEBUG=1. For example in Dockerfile file:


Avoid to publish these image to production!

Using with Docker compose

In your devstack set environment variable APP_DEBUG=1. For example in docker-compose.yml file:

    APP_DEBUG: 1

Manually switch

WARNING – DANGER ZONE: Following feature allows you to force Debug Mode on any environment, including production. Please use it with great caution only! Wrong use might cause critical security issue! Before using Enabler's feature, make sure your app is resistant to XSS, CSRF and similar attacks!

Enabler provide feature to force enable or disable Debug Mode anywhere for user's browser (drived by Cookie).

This example turn on Debug Mode for user's browser:

$enabler = new \Redbitcz\DebugMode\Enabler($tempDir);

$detector = new \Redbitcz\DebugMode\Detector(\Redbitcz\DebugMode\Detector::MODE_FULL, $enabler);



  • $enabler->activate(true) - force to Debug Mode turn on,
  • $enabler->activate(false) - force to Debug Mode turn off,
  • $enabler->deactivate() - reset back to automatically detection by environment.

Using with Nette

Debug Mode Enabler (unlike Debug Mode Detector) can be simply served through DI Container with configuration in config.neon:

    - Redbitcz\DebugMode\Enabler(%tempDir%)

At most cases this example creates second instance of Enabler class because first one is already created internally with Detector instance in Bootstrap.

To re-use already existing instance you can inject it to DI Container:

$tempDir = __DIR__ . '/../temp';
$enabler = new \Redbitcz\DebugMode\Enabler($tempDir);
$debugModeDetector = new \Redbitcz\DebugMode\Detector(\Redbitcz\DebugMode\Detector::MODE_FULL, $enabler);

$configurator = new Configurator();
$configurator->addServices(['debugModeEnabler' => $debugModeDetector->getEnabler()]);

Don't forget letting know DI Container with service declaration in config.neon:

        type: Redbitcz\DebugMode\Enabler
        imported: true


Detector supports custom plugin. You can build custom plugin to provide your own roles to manage Debug Mode. Plugin must implements Plugin interface what means add __invoke() method. That method is called always is Detector aksed to detect mode.

Plugin retuns result of detection:

  • null – no result – Detector will try to ask another plugin or detection method to decide
  • true – force turn-on debug mode for current request
  • false – force turn-off debug mode for current request

Note: You should return null value when Plugin doesn't explicitly matches rule. Boolean value is always stops processing detection rules.

Don't do this:

if (…) {
    return true;
} else {
    return false;

instead return null when your rule is not matched:

if (…) {
    return true;
} else {
    return null;

Your Plugin you can register to Detector with method appendPlugin() or prepedndPlugin().

$detector = new \Redbitcz\DebugMode\Detector();

$plugin = new MyPlugin();


$detector->isDebugMode(); // <---- this invoke all Plugins

SignUrl plugin

SignUrl plugin provide secure way to share link with activated Debug Mode.

$plugin = \Redbitcz\DebugMode\Plugin\SignedUrl::create('secretkey', 'HS256', '');

$signedUrl = $plugin->signUrl('', '+1 hour');

echo 'Private link with activated Debug mode: ' . htmlspecialchars($signedUrl, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE);

Security notes

Wrong usage of the SignUrl plugin can open critical vulnerability issue at your App. Follow this instructions:

  • Always create SignUrl with strong and Secret key, use key generator like: base64_encode(random_bytes(32))
  • Always create SignUrl with specified $audience parameter which distinguishes versions of app (stage vs production) to prevent unwanted re-using signatures between them (read more about importance of audience).


The MIT License (MIT). Please see License File for more information.

  • v5.0.0 v5.0.0

    • Add support for PHP 8.3
    • [BC] Drop support for PHP 7.4
  • v4.0.1 v4.0.1

  • v4.0.0 4.0.0

    What's Changed

    • Add Firebase JWT v6 compatibility by @jakubboucek in #14
    • [BC] Rename Detector::detectProductionMode() to Detector::detectProduction()
    • [BC] Change default state to production mode for Detector::detectProduction()
    • Add support for PHP 8.2

    Full Changelog: v3.2.2...v4.0.0

  • v3.2.2 3.2.2

    Only added&updated License tags

  • v3.2.1 3.2.1

    • Fix token cookie on non-secure context (#12)
  • v3.2.0 3.2.0

    • Remove relations to previous remove fork-base (#9)
    • Throw warning when token file corrupted (#10)
    • Fix Array list format at token storage (#11)
  • v3.1.0 3.1.0

    • Add extendability by Plugin to add custom detection methods (#4, #5, #6)
    • Product mode detection (#7)
    • Strict code (#8)
  • v3.0.0 3.0.0

    Full refactoring library with refactored API (#1)


    • PHP 7.3 no more supported
    • Support tested up to PHP 8.1 (currently at RC2 stage)
    • Enabler and $tempDir are now optional.
    • Support enablind/disabling detecting modes (IP, Cookie, Environment, Enabler)
    • Enabler can configure Cookie options (Secure, HttpOnly, SameSite) and TTL.
  • v2.0.2 2.0.2

    • Detector: Add production mode method (for better Nette framework integration)
  • 2.0.1 2.0.1


    • Update typo bug in README doc (small but serious)
  • 2.0.0 2.0.0

    New fully refactored version







php (>=7.4)
ext-json (*)


Componette Componette