DDEV sets xdebug.client_host = host.docker.internal automatically and manages port forwarding.
# A simple curl request an attacker could use to exploit a poorly secured API curl -H "X-Dev-Access: yes" https://example.com Use code with caution. 2. Data Leakage via Verbose Logs x-dev-access yes
return [ 'access' => [ 'class' => \yii\filters\AccessControl::class, 'rules' => [ [ 'allow' => true, 'roles' => ['@'], // authenticated users only ], ], ], ]; DDEV sets xdebug