Hello everyone,
This may be a basic question but I can’t seem to locate the answer. When deploying the live app, it seems that anyone can add “version-live?debug_mode=true” to the end of my URL and debug the app.
When I check “limit access to this app in run mode” with user&pass, then the regular url also requires a username and password, so it blocks the app entirely.
Any ideas how to prevent users from adding this to the URL?
Thanks
It would seem that way when you are testing that and are still logged into your Bubble account…but in reality, nobody else except the application owner or collaborators can see that. Try logging out of your bubble account and testing.
Thanks @boston85719
I just tried it and it still shows me the debugger. Even in another browser and I am logged out, even in incognito. So unless they are looking at my IP or something…
It shows for me too, and I really believe it should not be, as I’ve never seen that before. You should submit a bug report to Bubble.
Thank you
Yea you’re right I didn’t think it would work in live.
Maybe add a “When condition is true” event checking for that URL parameter being true it redirects them to the same page without the parameter?
Well I just tried on Safari and Chrome and the behaviour was as expected (no debugger shown). When I visit in Chrome where I’m logged into Bubble but all Bubble tabs are closed, I can see the debugger (presumably because the Bubble login cookie is identified or something)
It has never worked in live before when not logged in (I know because I try and tinker around with other people’s live sites 
Reported to Bubble and they escalated it so hopefully it will be resolved soon.
Do you mind sharing your app URL for us to check here?
Here it worked as expected 
Since it’s a security concern I did remove the direct link I provided earlier. I’ll update what Bubble says once they get to it!
I think they might have gotten to it, as I tried on another users app and it doesn’t allow the debug_mode because I am not the owner or the app or a collaborator, however, this may be a bug that is specific to your app and not the platform at large.
Update: Changed “who can see and modify the app” to private and it solved the issue. I did try it before and it did not have an effect, but at this point I can’t say for sure whether it was a bug and they did something, I simply didn’t deploy when I tested it, or anything else… so the important thing is that it is solved. Thank you everyone for looking into this.
