It seems like pretty much anyone can type in ?debug_mode=true and see either the actual debugger or a message stating that ‘the debugger is visible’ when it’s not. This mode shouldn’t be allowable at any point for the live production website.
How can this be disabled for live sites? Automated workflow?
No they can’t. We only show it if you’re logged in in bubble as someone that can edit the app. If you try in incognito mode you shouldn’t be able to see the debugger (and if you do please file a bug report and we’ll fix it).
Logged In
When you try in a normal Chrome window when logged into Bubble: definitely visible.
When you try in an incognito Chrome window when logged into Bubble: definitely visible.
Not Logged In
When you try in a normal Chrome window when not logged into Bubble: ‘The page is higher than…’ visible
When you try in an incognito Chrome window when not logged into Bubble: ‘The page is higher than…’ visible
All of the Not Logged In cases should entirely ignore ?debug_mode and refresh the page for production sites.
please file a bug report and we’ll fix it
Seems like /version-test/ is also available for anyone to use.
Yes, we’ve never said it wasn’t.
I’m sorry, but is this not an issue for apps? Cannot we not redirect? From my understanding, a look under the hood through console to discover Bubble and appending that to the link could mean access to our staging app.
