[jlis]

What I don't get is how the .env file was even served when Laravel uses the public/index.php as starting point, so your root Folder should have been the public/ folder, not the application folder.

Mistakes like this happen, but it takes courage to post about it. Thanks for sharing it.

[ngranja19]

I'm not totally sure I'm not a Laravel expert I just use it as a backend api so I believe I exposing the entire Laravel folder instead just the public. And yes is embarrassing haha.

[saluki]

I was curious too how this could happen, since the .env wouldn't normally be in the public folder.

Laravel is a great framework, check out Laracasts.com and forge.laravel.com, it's a deployment tool that will spin up a VPS on AWS, Digital Ocean, etc. with the proper configuration.