Local Telescope access breaks behind trusted local reverse proxy after Sentinel was added

[beeyev]

Description

Hi,

After upgrading to a Telescope version that now depends on laravel/sentinel, Telescope stopped working in our local environment.

Before Sentinel was added as a dependency, Telescope was working locally without issues.

setup:

• Laravel 12
• Telescope 5.18.0
• Docker
• local environment
• app is accessed through a local reverse proxy (nginx)
• Laravel is configured to trust forwarded proxy headers because the same app is also deployed behind AWS ALB in non-local environments

What happens now:

• /telescope returns 401 Unauthorized locally
• this happens before Telescope’s normal authorization logic
• the request is blocked by Sentinel middleware

From debugging, the relevant part seems to be:

• Telescope now prepends Laravel\Sentinel\Http\Middleware\SentinelMiddleware
• Sentinel’s local driver rejects requests when Laravel considers the request to be from a trusted proxy and the resolved client IP is not private

That means a local setup with trusted proxies can no longer access Telescope, even though this worked before Sentinel was introduced.
if we remove/bypass Sentinel locally, Telescope works again

Questions:

1. Is this expected behavior?
2. Is there an officially recommended way to keep trusted proxies enabled for deployed environments while still allowing normal local Telescope access?
3. Would it make sense for Telescope to provide a config option to disable Sentinel protection in local, or to make the Sentinel layer opt-in?

Thanks

[francois-soapbox]

I have the same issue, see laravel/nova-issues#6957

[tomirons]

Here's a solution to get around this for now. Add this to the withMiddleware function in bootstrap/app.php

$middleware->removeFromGroup('telescope', SentinelMiddleware::class);

[crynobone]

As suggested in the other issue. It is best to move away from local environment and setup proper access to telescope: https://laravel.com/docs/12.x/telescope#dashboard-authorization

The changes was made as a security precaution when application is accessed via network (instead of just "local").

Alternatively, you can suggest a PR to improves laravel/sentinel if there's a way to specifically whitelist docker networks

[caiokawasaki]

Here's a solution to get around this for now. Add this to the withMiddleware function in bootstrap/app.php

$middleware->removeFromGroup('telescope', SentinelMiddleware::class);

Same problem happening to me, this workaround didn't work.

Just downgraded to version 5.17.0 and it worked again:

vendor/bin/sail composer require laravel/telescope:v5.17.0 --dev

[tomirons]

I took @crynobone's suggestion and renamed my env to local-env.