symfony/demo

The kernel.secret parameter is needed

Closed this issue · 2 comments

javiereguiluz commented

In #1532, while upgrading to Symfony 7.2, we removed the APP_SECRET value in the .env file. In theory, this is fine to do in Symfony 7.2. But in practice I'm seeing an error.

Steps to reproduce

git clone https://github.com/symfony/demo.git my_project
cd my_project/
composer install

Error

Then, run symfony serve and browse the app:

imagen

Full stack trace

Symfony\Component\DependencyInjection\Exception\EmptyParameterValueException:
A non-empty value for the parameter "kernel.secret" is required. Did you forget to configure the "framework.secret" option?

  at my_project/var/cache/dev/ContainerKgzZxQJ/App_KernelDevDebugContainer.php:2068
  at ContainerKgzZxQJ\App_KernelDevDebugContainer->getParameter('kernel.secret')
     (my_project/var/cache/dev/ContainerKgzZxQJ/App_KernelDevDebugContainer.php:1384)
  at ContainerKgzZxQJ\App_KernelDevDebugContainer::getFragment_ListenerService(object(App_KernelDevDebugContainer))
     (my_project/var/cache/dev/ContainerKgzZxQJ/App_KernelDevDebugContainer.php:801)
  at ContainerKgzZxQJ\App_KernelDevDebugContainer::ContainerKgzZxQJ\{closure}()
     (my_project/vendor/symfony/event-dispatcher/EventDispatcher.php:146)
  at Symfony\Component\EventDispatcher\EventDispatcher->removeListener('kernel.request', array(object(DebugHandlersListener), 'configure'))
     (my_project/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:256)
  at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->preProcess('kernel.request')
     (my_project/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:116)
  at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch(object(RequestEvent), 'kernel.request')
     (my_project/vendor/symfony/http-kernel/HttpKernel.php:159)
  at Symfony\Component\HttpKernel\HttpKernel->handleRaw(object(Request), 2)
     (my_project/vendor/symfony/http-kernel/HttpKernel.php:76)
  at Symfony\Component\HttpKernel\HttpKernel->handle(object(Request), 2, false)
     (my_project/vendor/symfony/http-kernel/EventListener/ErrorListener.php:97)
  at Symfony\Component\HttpKernel\EventListener\ErrorListener->onKernelException(object(ExceptionEvent), 'kernel.exception', object(TraceableEventDispatcher))
     (my_project/vendor/symfony/event-dispatcher/Debug/WrappedListener.php:115)
  at Symfony\Component\EventDispatcher\Debug\WrappedListener->__invoke(object(ExceptionEvent), 'kernel.exception', object(TraceableEventDispatcher))
     (my_project/vendor/symfony/event-dispatcher/EventDispatcher.php:206)
  at Symfony\Component\EventDispatcher\EventDispatcher->callListeners(array(object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener), object(WrappedListener)), 'kernel.exception', object(ExceptionEvent))
     (my_project/vendor/symfony/event-dispatcher/EventDispatcher.php:56)
  at Symfony\Component\EventDispatcher\EventDispatcher->dispatch(object(ExceptionEvent), 'kernel.exception')
     (my_project/vendor/symfony/event-dispatcher/Debug/TraceableEventDispatcher.php:122)
  at Symfony\Component\EventDispatcher\Debug\TraceableEventDispatcher->dispatch(object(ExceptionEvent), 'kernel.exception')
     (my_project/vendor/symfony/http-kernel/HttpKernel.php:241)
  at Symfony\Component\HttpKernel\HttpKernel->handleThrowable(object(EmptyParameterValueException), object(Request), 1)
     (my_project/vendor/symfony/http-kernel/HttpKernel.php:91)
  at Symfony\Component\HttpKernel\HttpKernel->handle(object(Request), 1, true)
     (my_project/vendor/symfony/http-kernel/Kernel.php:182)
  at Symfony\Component\HttpKernel\Kernel->handle(object(Request))
     (my_project/vendor/symfony/runtime/Runner/Symfony/HttpKernelRunner.php:35)
  at Symfony\Component\Runtime\Runner\Symfony\HttpKernelRunner->run()
     (my_project/vendor/autoload_runtime.php:29)
  at require_once('my_project/vendor/autoload_runtime.php')
     (my_project/public/index.php:5)

Pinging @nicolas-grekas because I don't know if we're missing something in Symfony Demo or if we need to fix anything in Symfony itself. Thanks!

nicolas-grekas commented

We should generate a secret and put it in .env.dev, see symfony/recipes#1343

nicolas-grekas commented

Or we might reopen #1531
The issue with committing a pre-generated secret in this repo is that it will end up in hacking scripts that have a collection of secrets to try to hack Symfony apps, and it might succeed on some apps when devs were lazy and borrowed the secret from here.