From 07958c34ebb3b61b488ea1358499cdc0669dc3ac Mon Sep 17 00:00:00 2001 From: Benjamin Wood Date: Sat, 7 Jun 2025 20:21:00 -0700 Subject: [PATCH] Disable advanced_debugging_tools by default in development The advanced_debugging_tools setting is potentially dangerous, especially in development environments that are exposed to external networks. For example, if you run a Rails server bound to a public interface (e.g. -b 0.0.0.0), anyone on the local network can access sensitive information such as environment variables or memory debugging data. This risk is even greater if the application is exposed via a tunnel for webhook testing or similar purposes. Although the README claims that enable_advanced_debugging_tools is disabled by default, the current Railtie enables it in development mode. This change corrects that inconsistency and prioritizes safety by requiring explicit opt-in for these tools. --- lib/mini_profiler_rails/railtie.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/mini_profiler_rails/railtie.rb b/lib/mini_profiler_rails/railtie.rb index b3f2c8cb..af47831b 100644 --- a/lib/mini_profiler_rails/railtie.rb +++ b/lib/mini_profiler_rails/railtie.rb @@ -59,7 +59,6 @@ def self.initialize!(app) # Install the Middleware app.middleware.insert(0, Rack::MiniProfiler) - c.enable_advanced_debugging_tools = Rails.env.development? if ::Rack::MiniProfiler.patch_rails? # Attach to various Rails methods
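Review bot: Dropping the `c.enable_advanced_debugging_tools = Rails.env.development?` line in this hunk only makes the tools opt-in if the underlying config default is already false, and nothing in the diff shows that default; please confirm in the Config class that `enable_advanced_debugging_tools` is initialised to `false`, otherwise the Railtie change does not achieve what the commit message describes. This is also a behaviour change for every existing development setup, so it deserves a CHANGELOG entry and a README sentence telling users how to opt back in by setting `enable_advanced_debugging_tools = true` on the same config object the removed line was writing to, ideally with the warning from the commit message about `-b 0.0.0.0` and tunnels attached to that setting.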