Recipes
Content Security Policy
If your site uses Content Security Policy, you'll need to add 'nonce-<value>' and
'strict-dynamic' to script-src for Tracy to work properly. Some 3rd plugins may require additional
directives. Nonce is not supported in the style-src directive, if you use this directive you need to add
'unsafe-inline', but this should be avoided in production mode.
Configuration example for Nette Framework:
http:
csp:
script-src: [nonce, strict-dynamic]
Example in pure PHP:
$nonce = base64_encode(random_bytes(20));
header("Content-Security-Policy: script-src 'nonce-$nonce' 'strict-dynamic';");
Faster Loading
The basic integration is straightforward, however if you have slow blocking scripts in web page, they can slow the Tracy
loading. The solution is to place <?php Tracy\Debugger::renderLoader() ?> into your template before any
scripts:
<!DOCTYPE html>
<html>
<head>
<title>...<title>
<?php Tracy\Debugger::renderLoader() ?>
<link rel="stylesheet" href="assets/style.css">
<script src="https://code.jquery.com/jquery-3.1.1.min.js"></script>
</head>
AJAX and Redirected Requests
Tracy can display Debug bar and Bluescreens for AJAX requests and redirects. Tracy creates its own sessions, stores data in its
own temporary files, and uses a tracy-session cookie.
Tracy can also be configured to use a native PHP session, which is started before Tracy is turned on:
session_start();
Debugger::setSessionStorage(new Tracy\NativeSession);
Debugger::enable();
In case starting a session requires more complex initialization, you can start Tracy immediately (so that it can handle any
errors that occur) and then initialize the session handler and finally inform Tracy that the session is ready to be used using the
dispatch() function:
Debugger::setSessionStorage(new Tracy\NativeSession);
Debugger::enable();
// followed by session initialization
// and start the session
session_start();
Debugger::dispatch();
The setSessionStorage() function has existed since version 2.9, before that Tracy always used the native PHP
session.
Custom Scrubber
Scrubber is a filter that prevents sensitive data from leaking from dumps, such as passwords or credentials. The filter is
called for each item of the dumped array or object and returns true if the value is sensitive. In this case,
***** is printed instead of the value.
// avoids dumping key values and properties such as `password`,
// `password_repeat`, `check_password`, `DATABASE_PASSWORD`, etc.
$scrubber = function(string $key, $value, ?string $class): bool
{
return preg_match('#password#i', $key) && $value !== null;
};
// we use it for all dumps inside BlueScreen
Tracy\Debugger::getBlueScreen()->scrubber = $scrubber;
Custom Logger
We can create a custom logger to log errors, uncatched exceptions, and also be called by Tracy\Debugger::log().
Logger implements the interface Tracy\ILogger.
use Tracy\ILogger;
class SlackLogger implements ILogger
{
public function log($value, $priority = ILogger::INFO)
{
// sends a request to Slack
}
}
And then we activate it:
Tracy\Debugger::setLogger(new SlackLogger);
If we use the full Nette Framework, we can set it in the NEON configuration file:
services:
tracy.logger: SlackLogger
nginx
If Tracy does not work on nginx, it is probably misconfigured. If there is something like
try_files $uri $uri/ /index.php;
change it to
try_files $uri $uri/ /index.php$is_args$args;
