Published 4 months ago by a_riehr
Hello, I really like testing my code, on unit level as well as on browser level. I especially like having control and being able to test the functionality with one click. However, maybe the process of deploying my website to the production server might introduce bugs, since it's a different environment. It would be perfect if I was able to run my tests on the production server itself. The dusk docs talk about some kind of security issue that would come with that... is that correct or is this a misunderstanding? Can I run my tests on the production server?
You should not run Dusk on your production website, because it exposes insecure routes for automatically logging in as any user.
In other words, anyone could just visit
and log in as your administrator user (most likely).
It's also a really bad idea to run any tests against your production environment, as you can easily mess up and wipe your production database.
However, you can create a separate testing environment, either on the same server or an identically configured one. Dusk can then be run against this site. For example,
This should of course have a completely separate database, with a different username and password. You probably also want to secure it so only you can access it (basic auth, and/or IP restriction).
Those routes are convenient when writing your Dusk tests, because you can do this:
...instead of this:
$browser->visit('/login') ->type('email', '[email protected]') ->type('password', 'superSecureAdminPassword') ->press('Log in')
As well as being a handy shortcut, it also runs a bit faster.