Could not get it to work for non-local environment about telescope HOT 40 CLOSED

in my side, i found the problem was on its Authorization mechanism. so, we can replace it with our own auth mechanisme. now, mine is:

in config/telescope.php

    'middleware' => [
        'web',
        // Authorize::class,
        'admin'
    ],

from telescope.

Remove this from the register function

    Telescope::filter(function (IncomingEntry $entry) {
            if ($this->app->environment() == 'local') {
                return true;
            }

            return $entry->isReportableException() ||
                   $entry->isFailedJob() ||
                   $entry->isScheduledTask() ||
                   $entry->hasMonitoredTag();
    });

from telescope.

The problem appears to be the following method in TelescopeApplicationServiceProvider:

    /**
     * Configure the Telescope authorization services.
     *
     * @return void
     */
    protected function authorization()
    {
        $this->gate();

        Telescope::auth(function ($request) {
            return app()->environment('local') ||
                   Gate::check('viewTelescope', [$request->user()]);
        });
    }

I overrode this method in my TelescopeServiceProvider and defined my own auth closure:

    /**
     * Configure the Telescope authorization services.
     *
     * @return void
     */
    protected function authorization()
    {
        $this->gate();

        Telescope::auth(function ($request) {
            return app()->environment(['local', 'staging']) ||
                   Gate::check('viewTelescope', [$request->user()]);
        });
    }

This allowed me to access telescope in my staging environment. I tried changing my gate() override and it didn't appear to work. This was the only way that I could reliably get it to work.

from telescope.

Changed the Authorize middleware by my own as following:

class Authorize
{

    /**
     * @param $request
     * @param $next
     * @return mixed
     */
    public function handle($request, $next)
    {
        return $next($request);
    }
}

It fixed the 403 Forbidden on a production server.
Used with the removal of the Telescope::filter, it fixed the whole thing for me.

from telescope.

I am not sure if it's only me or it is a bug but, i think i found the issue. The problem is it doesn't discover App\Providers\TelescopeServiceProvider::class, So adding App\Providers\TelescopeServiceProvider::class, in config/app.php fixes it. Then i can set in .env file

APP_ENV=production

and in app\Providers\TelescopeServiceProvider.php

  /**
     * Register the Telescope gate.
     *
     * This gate determines who can access Telescope in non-local environments.
     *
     * @return void
     */
    protected function gate()
    {
        Gate::define('viewTelescope', function ($user) {
            return in_array($user->email, [
                "[email protected]",
            ]);
        });
    }

then without any issue i can reach /telescope with the user [email protected] logged in.

from telescope.

Guys, we'd love to help but we aren't able to reproduce this.

So, here are some guidelines/checks:

1. Do you see any error logs (backend logs or console frontend errors)?
2. Do you have a Telescope::filter or Telescope::filterBatch call in your App\Providers\TelescopeServiceProvider? If yes, does it satisfy the filter condition? The default TelescopeServiceProvider stub allows all entries to be recorded in local environments but for production only allows reportable exceptions, failed jobs, scheduled tasks and monitored tag entries to be recorded.
3. Did your authorization pass through? The default authorization method in the TelescopeServiceProvider stub always passes for local environments but does the gate check for production.
4. Do you have auto discovery enabled in production? If not, did you add the Laravel\Telescope\TelescopeServiceProvider in your config/app.php?
5. Did you add your App\Providers\TelescopeServiceProvider to your config/app.php?
6. Is telescope enabled in production? Check the env variable TELESCOPE_ENABLED if set. Defaults to true if not set.

If all of these are okay but you're still facing issues, please share a Github repo with this reproducible issue.

from telescope.

+1 I got 403 Forbidden in Production even if the Gate returns always true

from telescope.

@Braunson number 2 seems to be your issue. Your filter is setup to only record reportable exceptions, failed jobs, scheduled tasks or monitored tags in production but will record everything in local. If you remove the Telescope::filter callback, everything should be recorded.

from telescope.

As @glendmaatita says I did a middleware exclusively for telescope
// telescope.php

    'middleware' => [
        'web',
        TelescopeMiddleware::class,
        // Authorize::class,
    ],

php artisan make:middleware TelescopeMiddleware

class TelescopeMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        
        if(auth()->check() && auth()->user()->email == "[email protected]"){

            return $next($request);
        }
        abort(403);
    }
}

from telescope.

Same here! It works when I use APP_ENV=local.

I tried @DrAmen solution but It didn't worked for me.

app.php

'providers' => [

        /*
     * Laravel Framework Service Providers...
     */
        Illuminate\Auth\AuthServiceProvider::class,
        Illuminate\Broadcasting\BroadcastServiceProvider::class,
        Illuminate\Bus\BusServiceProvider::class,
        Illuminate\Cache\CacheServiceProvider::class,
        Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
        Illuminate\Cookie\CookieServiceProvider::class,
        Illuminate\Database\DatabaseServiceProvider::class,
        Illuminate\Encryption\EncryptionServiceProvider::class,
        Illuminate\Filesystem\FilesystemServiceProvider::class,
        Illuminate\Foundation\Providers\FoundationServiceProvider::class,
        Illuminate\Hashing\HashServiceProvider::class,
        Illuminate\Mail\MailServiceProvider::class,
        Illuminate\Notifications\NotificationServiceProvider::class,
        Illuminate\Pagination\PaginationServiceProvider::class,
        Illuminate\Pipeline\PipelineServiceProvider::class,
        Illuminate\Queue\QueueServiceProvider::class,
        Illuminate\Redis\RedisServiceProvider::class,
        Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
        Illuminate\Session\SessionServiceProvider::class,
        Illuminate\Translation\TranslationServiceProvider::class,
        Illuminate\Validation\ValidationServiceProvider::class,
        Illuminate\View\ViewServiceProvider::class,

        /*
         * Package Service Providers...
         */

        /*
         * Application Service Providers...
         */
        App\Providers\AppServiceProvider::class,
        App\Providers\AuthServiceProvider::class,
        // App\Providers\BroadcastServiceProvider::class,
        App\Providers\EventServiceProvider::class,
        App\Providers\TelescopeServiceProvider::class,
        App\Providers\RouteServiceProvider::class,

        // Agregados por mí.
        crocodicstudio\crudbooster\CRUDBoosterServiceProvider::class,
        App\Providers\TelescopeServiceProvider::class,
    ],

TelescopeServiceProvider.php

protected function gate()
    {
        Gate::define('viewTelescope', function ($user) {
            return true;
            // return \CRUDBooster::isSuperadmin();
        });
    }

from telescope.

This issue is due to an empty or non logged user. Laravel gate receives user as the first argument if it's empty it doesn't care about internal code. If you want to use it without gate just remove gate function from TelescopeServiceProvider class and override authorization function. See the example below.

protected function authorization()
{
    $this->gate();

    Telescope::auth(function ($request) {
        return app()->environment('local') ||
               in_array($request->ip(), config('allowed_ip_addresses.telescope'));
    });
}

I removed the gate define as well as gate check, so the issue is resolved.

from telescope.

excuse me I can not connect to the dashboard with a non local env

  public function register()
    {
        // Telescope::night();

        Telescope::filter(function (IncomingEntry $entry) {
           return true;

            return $entry->isReportableException() ||
                   $entry->isFailedJob() ||
                   $entry->isScheduledTask() ||
                   $entry->hasMonitoredTag();
        });
    }

    /**
     * Register the Telescope gate.
     *
     * This gate determines who can access Telescope in non-local environments.
     *
     * @return void
     */
    protected function gate()
    {
        Gate::define('viewTelescope', function ($user) {
            return true;
        });
    }

from telescope.

Changing telescope authorization middleware with laravel's authentication middleware worked for me. It's just a workaround.

'middleware' => [
        'web',
       // Authorize::class,
        \App\Http\Middleware\Authenticate::class,
 ],

from telescope.

+1, can't connect the dashboard with production env.

from telescope.

I'm having this issue as well now, as of 13 days ago. Requests aren't being logged (among other things) in a production environment anymore.

from telescope.

If you've been following the instructions in the section "Installing Only In Specific Environments" you'll need to ensure that you update your AppServiceProvider accordingly, e.g.

public function register()
{
	if ($this->app->environment('local') || $this->app->environment('staging')) {
		$this->app->register(TelescopeServiceProvider::class);
	}
}

from telescope.

in my side, i found the problem was on its Authorization mechanism. so, we can replace it with our own auth mechanisme. now, mine is:

in config/telescope.php

    'middleware' => [
        'web',
        // Authorize::class,
        'admin'
    ],

Thanks, i just comment 'Authorize::class'

from telescope.

Telescope's gate can run right when Auth::user() had value.
So,if you didn't login,you could not view telescope in production.
You can rewrite Authorize::class, like return config('telescope.enabled') ? $next($request) : abort(403);.

from telescope.

I can solve it by rewrite authorization method

/**
     * Configure the Telescope authorization services.
     *
     * @return void
     */
    protected function authorization()
    {
        $this->gate();

        Telescope::auth(function ($request) {
            if ($request->get('_token')) {
                $user = PersonalAccessToken::findToken($request->get('_token'))->tokenable;
                return $user->name === 'admin';
            }

            return Gate::check('viewTelescope', [$request]);
        });
    }

from telescope.

@L3o-pold Perfect, Thanks

from telescope.

@120dev It should works, what kind of message do you have?

from telescope.

Telescope here works perfectly local, we have a 'staging' environment where we setup Telescope now like this:

Telescope::filter(function (IncomingEntry $entry) {
			return true;
			return $entry->isReportableException() ||
				   $entry->isFailedJob() ||
				   $entry->isScheduledTask() ||
				   $entry->hasMonitoredTag();
		});
	}

	/**
	 * Register the Telescope gate.
	 *
	 * This gate determines who can access Telescope in non-local environments.
	 *
	 * @return void
	 */
	protected function gate()
	{
		Gate::define('viewTelescope', function ($user) {
			return ends_with($user->email, "@ourcompany.com");
		});
	}

Locally this works fine, the viewTelescope protection works fine too in staging. We can open Telescope but there are no entries in staging, EXCEPT when we change APP_ENV=local in the environment files of staging, but this work around is not desirable at all.

We need to distinguish our environments for monitoring errors and other relevant environment based information.

Any suggestions?

from telescope.

I just updated to Telescope 1.0 and the problem is still the same.

Gate::define('viewTelescope', function ($user) {
            return true;
            // return \CRUDBooster::isSuperadmin();
        });

from telescope.

@paras-malhotra

1. No errors
2. Yes see below, but it's the same as the docs, also it records everything properly on local but not on production/development environment.
3. Yes I can see Telescope on all environments properly
4. Yes
5. Yes

<?php

namespace App\Providers;

use Laravel\Spark\Spark;
use Laravel\Telescope\EntryType;
use Laravel\Telescope\Telescope;
use Illuminate\Support\Facades\Gate;
use Laravel\Telescope\IncomingEntry;
use Laravel\Telescope\Contracts\EntriesRepository;
use Laravel\Telescope\TelescopeApplicationServiceProvider;

class TelescopeServiceProvider extends TelescopeApplicationServiceProvider
{
    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        Telescope::night();

        Telescope::filter(function (IncomingEntry $entry) {
            // Are we local?
            if ($this->app->environment() == 'local') {
                return true;
            }

            return $entry->isReportableException() ||
                   $entry->isFailedJob() ||
                   $entry->isScheduledTask() ||
                   $entry->hasMonitoredTag();
        });
    }

    /**
     * Register the Telescope gate.
     *
     * This gate determines who can access Telescope in non-local environments.
     *
     * @return void
     */
    protected function gate()
    {
        Gate::define('viewTelescope', function ($user) {
            return Spark::developer($user->email);
        });
    }
}

from telescope.

@paras-malhotra Ah ok, It was weird because this previous to v0.1.8/1.0 everything recorded regardless of environment. Must have been a code change

from telescope.

@paras-malhotra

1. I can't see any error in the logs. In addition, I use Sentry and no error is reported.
   

2. Telescope is recording events even in production.
   

3. Which authorization method? This is my code:

<?php

namespace App\Providers;

use Illuminate\Support\Facades\Gate;
use Laravel\Telescope\IncomingEntry;
use Laravel\Telescope\Telescope;
use Laravel\Telescope\TelescopeApplicationServiceProvider;

class TelescopeServiceProvider extends TelescopeApplicationServiceProvider
{
    /**
     * Register any application services.
     *
     * @return void
     */
    public function register()
    {
        // Telescope::night();

        Telescope::filter(function (IncomingEntry $entry) {
            if ($this->app->environment('local')) {
                return true;
            }

            return $entry->isReportableException() ||
                $entry->isFailedJob() ||
                $entry->isScheduledTask() ||
                $entry->hasMonitoredTag();
        });
    }

    /**
     * Register the Telescope gate.
     *
     * This gate determines who can access Telescope in non-local environments.
     *
     * @return void
     */
    protected function gate()
    {
        Gate::define('viewTelescope', function ($user) {
            return true;
            // return \CRUDBooster::isSuperadmin();
        });
    }
}

4. I haved added to app.php. Look at the comment above #76 (comment)

5. If I don't have to manually add packages to app.php, so I think It's enabled. However, I manually added to it.

'providers' => [

        /*
     * Laravel Framework Service Providers...
     */
        Illuminate\Auth\AuthServiceProvider::class,
        Illuminate\Broadcasting\BroadcastServiceProvider::class,
        Illuminate\Bus\BusServiceProvider::class,
        Illuminate\Cache\CacheServiceProvider::class,
        Illuminate\Foundation\Providers\ConsoleSupportServiceProvider::class,
        Illuminate\Cookie\CookieServiceProvider::class,
        Illuminate\Database\DatabaseServiceProvider::class,
        Illuminate\Encryption\EncryptionServiceProvider::class,
        Illuminate\Filesystem\FilesystemServiceProvider::class,
        Illuminate\Foundation\Providers\FoundationServiceProvider::class,
        Illuminate\Hashing\HashServiceProvider::class,
        Illuminate\Mail\MailServiceProvider::class,
        Illuminate\Notifications\NotificationServiceProvider::class,
        Illuminate\Pagination\PaginationServiceProvider::class,
        Illuminate\Pipeline\PipelineServiceProvider::class,
        Illuminate\Queue\QueueServiceProvider::class,
        Illuminate\Redis\RedisServiceProvider::class,
        Illuminate\Auth\Passwords\PasswordResetServiceProvider::class,
        Illuminate\Session\SessionServiceProvider::class,
        Illuminate\Translation\TranslationServiceProvider::class,
        Illuminate\Validation\ValidationServiceProvider::class,
        Illuminate\View\ViewServiceProvider::class,

        /*
         * Package Service Providers...
         */

        /*
         * Application Service Providers...
         */
        App\Providers\AppServiceProvider::class,
        App\Providers\AuthServiceProvider::class,
        // App\Providers\BroadcastServiceProvider::class,
        App\Providers\EventServiceProvider::class,
        App\Providers\TelescopeServiceProvider::class,
        App\Providers\RouteServiceProvider::class,

        // Agregados por mí.
        crocodicstudio\crudbooster\CRUDBoosterServiceProvider::class,
        \Laravel\Telescope\TelescopeServiceProvider::class,
        App\Providers\TelescopeServiceProvider::class,
    ],

6. Yes, It is.
   

from telescope.

If I change APP_ENV to local in the server, It shows the dashboard.

from telescope.

@EdwinDayot, if you do that, there's no security because It doesn't check for the user.

from telescope.

I'm trying this and I'm still getting 403.

public function register()
    {
        $this->app->register(TelescopeServiceProvider::class);
    }

from telescope.

Is it possible to remove selected incoming entries from Telescope::filter() as used in default file of TelescopeServiceProvider?

Telescope::filter(function (IncomingEntry $entry) {
        return $entry->isReportableException() ||
                   $entry->isFailedJob() ||
                   $entry->isScheduledTask() ||
                   $entry->hasMonitoredTag();

        // Allow more entries here. Redis, Mail, Events...
});

I would like to track error exceptions, dispatched events or sent mails for example.

thanks

from telescope.

Hi, is there a reason why Telescope does not register any of my browser actions? Dump, requests, sql queries, etc... do not show up on my telescope application. I've also checked my telescope entries table and there are no rows being created for my browser's actions.

from telescope.

Literally tried everything in this thread and nothing worked other than modifying TelescopeServiceProvider closure. The Gate:: facade call ALWAYS returned false no matter the logic defined in the Provider. I ended up removing it entirely and adding in my own function call for IP whitelisting. Works!

Telescope::auth(function ($request) { return app()->environment('local') || Helper::isAllowedIp($request->ip()); });

from telescope.

None of the above answers solved my problem.

from telescope.

@RuanHerculano that error is caused because your assets are not being served over https we use this in production
if (App::environment('production')) { // The environment is production URL::forceScheme('https');}

from telescope.

In config/telescope.php you can configure your own authentication with a middleware if you want to build your own thing (if your company has it's own CMS for example) or just want to only let through whitelisted ip's

from telescope.

Hello Team

With these steps you resolve the issue:

1. Create a middleware class that inherits from Authenticate and in the handler function write:

 public function handle($request, Closure $next, ...$guards): mixed
  {
        if (app()->environment('local')) {
            return $next($request);
        }

        if (app()->environment('production') && !$request->expectsJson()) {
           parent::handle($request, $next, ...$guards);
        }

        return abort(403);
  }

2. Add the middleware class in the config/telescope.php

  'middleware' => [
        'web',
        AuthorizeTelescope::class,
    ],

from telescope.

Fresh install of latest Laravel and Telescope and this is still not working on non-local environments.
Latest documentation followed and nothing was customized.

Simple returning the TRUE is not working in the TelescopeServiceProvider gate method:

    protected function gate(): void
    {
        Gate::define('viewTelescope', function ($user) {
            return true;
        });
    }

from telescope.

My issue was mostly that I wasn't logged in, when i logged in I could then access the user param and that worked as expected.

from telescope.

Hi guys, to all of you who come across this problem - I have been struggling with this for hours now and finally found the "solution" (aka easier fix to this instead of creating a whole new middleware etc.).

The reason for this "issue" that we all had is because Laravel has some internal check whether this callback is supported for also work with guest-visitors (aka non-logged-in users). The default is (since it comes with the provider from telescope) that it does not support these guest users!

To make it work, you need to change the code a tiny bit from

protected function gate(): void
{
    Gate::define('viewTelescope', function ($user) {
        return in_array($user->email, [
            //
        ]);
    });
}

to this:

protected function gate(): void
{
    Gate::define('viewTelescope', function ($user = null) {
        return in_array($user->email, [
            //
        ]);
    });
}

The only change is that you have to add the default value null here to the parameter $user in the callback-function. With this you change the evaluation for whether this gate is suitable to be taken into account or not. The check is part of the Auth modules and the method that does this magic is canBeCalledWithUser, if you need further insides.

The only thing you have to aware of is that the user object then is always null but you can still do things like:

protected function gate(): void
{
    Gate::define('viewTelescope', function ($user = null) {
        return in_array(request()->ip(), ['123.123.123.123', ...]);
    });
}

from telescope.

laravel telescope is not working in my domain ip address.but all configuration is correctly.why ? i am using domain ip .
like example :http://44.193.10.70/telescope

from telescope.