Should I deploy Glimpse to the production site?

Question

I recently added the Glimpse Debugger package to my project. This added a reference to the Glimpse dll, and modified some Web.Config.

I like my project as much the same

Answer 1

Yarx is right on pretty much all fronts.

From a security perspective you could lock down the path using the method described. Only thing is, there are more URL end points that glimpse uses, so the rule would need to be something like *Glimpse/* (where * says that anything can come before it and anything can come after it). Once this is in place, glimpse should be pretty locked down.

Also, if in the config, you used the transform that Yarx provided, glimpse will never load, even if you have the cookie turned on.