dusk: Exception: It is unsafe to run Dusk in production.

I just wanted to share what was my issue when getting this exception. When installing to production server I just needed to use the --no-dev flag.

composer install --no-dev

FYI, you can also get this issue if you don’t have a .env file

@jarnheimer you should not have DuskServiceProvider registered in your config/app.php providers. That’s what makes Dusk be registered in production and, hence, the exception, to protect you.

Dusk exposes an endpoint that allows anybody to login as an user of your system by simply knowing the id of the record.

@bitclaw Just to clarify. An env file is just one way to setup environment variables for Laravel. By default, Laravel assumes production and after the environment variables are loaded, the value may be overwritten. If you don’t have a .env file, but the operating system have actual environment variables, Laravel will pick that up. If you don’t have either, production will be assumed.

I’m ashamed to admit that I’d forgotten the --no-dev flag on one of my newer projects.

Either way, just wanted to add that if you arrive here and add the --no-dev flag as per @ajthinking’s comment, you may still face issues with your production server showing the error message.

If that happens, try connecting to the server manually and completely rebuilding the vendor directory:

cd <project-root>
rm -Rf vendor/
composer install --no-dev

You are right I should have clarified if you don’t have the APP_ENV defined in either the .env file or as an environment variable since Laravel’s env() and config() helper functions use inside the PHP getenv() function