Spoofing for PUT, PATCH and DELETE methods
- Since HTML forms can’t make PUT, PATCH, or DELETE requests, you will need to add a hidden _method field to spoof these HTTP verbs.
- The @method Blade directive can create this field for you:
<form action="/foo/bar" method="POST">
    @method('PUT')
</form>
except, only and match routes
- If the controller should handle only some of the default resource actions, use the only or except methods to declare partial resource routes. These are specified in web.php:
Route::resource('photos', 'PhotoController')->only([
    'index', 'show'
]);
Route::resource('photos', 'PhotoController')->except([
    'create', 'store', 'update', 'destroy'
]);
- Sometimes you may need to register a route that responds to multiple HTTP verbs. You may do so using the match method. Or, you may even register a route that responds to all HTTP verbs using the any method:
Route::match(['get', 'post'], '/', function () {
    //
});
Methods in Controller
class UsersController extends BaseController
{
public function index() {}
public function show($id) {}
public function store() {}
}
Route precedence
- If you need to add additional routes to a resource controller beyond the default set of resource routes, you should define those routes before your call to Route::resource; otherwise, the routes defined by the resource method may unintentionally take precedence over your supplemental routes.
- You should always declare hard-coded routes first, because a wildcard route declared before a hard-coded route will match the request first and be executed instead.
Route::get('/users/{name}', 'SomeController@action');
Route::get('/users/admins', 'SomeController@action');
- In the example above, the second route will never be called, because /users/admins matches the pattern /users/{name} and the first route is executed instead.
- Laravel processes routes in the order they are written: the statement that appears first in Routes.php is processed before the ones below it. So if two routes have the same URL, the first one will always be used.
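The shadowing described above can be checked mechanically. The following is an added example, not code from the original page or from Laravel: a simplified first-match-wins model in plain PHP that flags any route pattern fully covered by an earlier one. It assumes all routes share one HTTP verb and use only required {param} segments; the function names are hypothetical.

```php
<?php
// Simplified model of first-match-wins routing (not Laravel's router).
// Assumption: every route uses the same HTTP verb and only required {param} segments.

function segments(string $uri): array
{
    return explode('/', trim($uri, '/'));
}

function isParam(string $segment): bool
{
    return preg_match('/^\{\w+\}$/', $segment) === 1;
}

// True when every path matched by $later is also matched by $earlier.
function covers(string $earlier, string $later): bool
{
    $e = segments($earlier);
    $l = segments($later);
    if (count($e) !== count($l)) {
        return false;
    }
    foreach ($e as $i => $segment) {
        // A parameter accepts anything; a literal only covers the identical literal.
        if (!isParam($segment) && $segment !== $l[$i]) {
            return false;
        }
    }
    return true;
}

// Lists each route that can never be reached, with the earlier route that wins.
function shadowedRoutes(array $routes): array
{
    $found = [];
    foreach ($routes as $i => $later) {
        foreach (array_slice($routes, 0, $i) as $earlier) {
            if (covers($earlier, $later)) {
                $found[] = ['route' => $later, 'shadowed_by' => $earlier];
                break;
            }
        }
    }
    return $found;
}

// Constructed sample data: the order used in the text, then hard-coded route first.
$asWritten = ['/users/{name}', '/users/admins'];
$corrected = ['/users/admins', '/users/{name}'];
print_r(shadowedRoutes($asWritten));
print_r(shadowedRoutes($corrected));
```

A check like this is most useful where the shadowed route is the one that carries stricter middleware, since requests meant for it are silently handled by the wildcard route's controller instead.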
Protection against CSRF attacks
- Laravel makes it easy to protect your site against CSRF attacks without any work on your part. However, if you want to submit a form successfully you must include a CSRF token input to verify that the form submission came from the application and not from another site.
- Laravel automatically generates a CSRF “token” for each active user session managed by the application. This token is used to verify that the authenticated user is the one actually making the requests to the application.
- Anytime you define an HTML form in your application, you should include a hidden CSRF token field in the form so that the CSRF protection middleware can validate the request.
- You may use the @csrf Blade directive to generate the token field:
- The VerifyCsrfToken middleware, which is included in the web middleware group, will automatically verify that the token in the request input matches the token stored in the session.
- Any HTML forms pointing to POST, PUT, or DELETE routes that are defined in the web routes file should include a CSRF token field. Otherwise, the request will be rejected.
<form class="form" method="post" action="{{action('HakenBranchControllerTest@update',[ 'id' => 7])}}" enctype="multipart/form-data" >
    {{ csrf_field() }}
    @method('PUT')
    <div class="col-sm-9 offset-md-3">
        <button type="submit" class="btn btn-success">{{__('Update record')}}</button>
    </div>
</form>
<form class="form" method="get" action="{{action('HakenBranchControllerTest@action',[ 'name' => 'Laravel'])}}" enctype="multipart/form-data" >
    {{-- No CSRF field on GET forms: the token would be sent in the query string and end up in URLs and logs. --}}
    <div class="col-sm-9 offset-md-3">
        <button type="submit" class="btn btn-success">{{__('Route Precedence')}}</button>
    </div>
</form>
<form class="form" method="get" action="{{route('admin')}}" enctype="multipart/form-data" >
    <div class="col-sm-9 offset-md-3">
        <button type="submit" class="btn btn-success">{{__('Route Precedence')}}</button>
    </div>
</form>
<form class="form" method="get" action="{{action('HakenBranchControllerTest@show',[ 'id' => 7])}}" enctype="multipart/form-data" >
    <div class="col-sm-9 offset-md-3">
        <button type="submit" class="btn btn-success">{{__('Show a record')}}</button>
    </div>
</form>
<form class="form" method="get" action="{{action('HakenBranchControllerTest@create')}}" enctype="multipart/form-data" >
    <div class="col-sm-9 offset-md-3">
        <button type="submit" class="btn btn-success">{{__('Add new record')}}</button>
    </div>
</form>
<form class="form" method="get" action="{{route('except',[ 'id' => 7])}}" enctype="multipart/form-data" >
    <div class="col-sm-9 offset-md-3">
        <button type="submit" class="btn btn-success">{{__('Add new record')}}</button>
    </div>
</form>
Conclusion – Laravel provides support for RESTful APIs. Its scaffolding support for CRUD APIs lets you concentrate on business logic and speeds up development.