When set to yes, the x-dev-access header instructs the server or middleware to:
next(); );
Use or short-lived JWT tokens with a "dev_mode": true claim. The token is signed by a private key held by your CI/CD or internal certificate authority. This is much harder for an attacker to forge than a plain-text header.
```python
# Grant privileges
request.context.privileges = Privileges.ADMIN
request.context.debug_mode = True
request.context.show_hidden_fields = True
```
Never use "magic headers" for debugging in production. Use environment variables or conditional compilation to ensure debug logic is completely removed from live builds.
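The signed-token alternative described above, as an added example (not code from the original page): an Express-style middleware that ignores x-dev-access entirely and enables debug mode only for a short-lived token carrying "dev_mode": true, verified with a public key. The function names, the Ed25519/EdDSA choice, the Authorization: Bearer transport and the `enabled` build flag are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');

// CI/CD side (assumed): the only place the private key exists.
function issueDevToken(privateKey, ttlSeconds, nowSeconds) {
  const header = b64u(JSON.stringify({ alg: 'EdDSA', typ: 'JWT' }));
  const payload = b64u(JSON.stringify({ dev_mode: true, exp: nowSeconds + ttlSeconds }));
  const sig = nodeCrypto.sign(null, Buffer.from(`${header}.${payload}`), privateKey);
  return `${header}.${payload}.${b64u(sig)}`;
}

// Server side: holds only the public key, so it can verify but never mint tokens.
function isDevToken(token, publicKey, nowSeconds) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return false;
  const [header, payload, sig] = parts;
  try {
    // Pin the algorithm; the token's own header must not choose it.
    const alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg;
    if (alg !== 'EdDSA') return false;
    const signed = Buffer.from(`${header}.${payload}`);
    if (!nodeCrypto.verify(null, signed, publicKey, Buffer.from(sig, 'base64url'))) return false;
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    // Require the explicit claim and an unexpired integer exp.
    return claims.dev_mode === true && Number.isInteger(claims.exp) && nowSeconds < claims.exp;
  } catch {
    return false; // malformed base64/JSON or bad signature encoding: deny
  }
}

// `enabled` is a hypothetical build/deploy flag (e.g. from an environment
// variable); when false, no token can switch debug mode on.
function devAccess(publicKey, enabled) {
  return (req, res, next) => {
    const auth = req.headers.authorization || '';
    const token = auth.startsWith('Bearer ') ? auth.slice(7) : '';
    const now = Math.floor(Date.now() / 1000);
    // The x-dev-access header is never read: a plain-text value grants nothing.
    req.devMode = enabled === true && isDevToken(token, publicKey, now);
    next();
  };
}
```
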