Form method spoofing on Laravel

by Devin Yang
(This article was automatically translated.)

Published - 6 years ago ( Updated - 6 years ago )

Why does Laravel need Form Method Spoofing?
Because HTML forms do not support PUT, PATCH and DELETE and other actions, so On Laravel
When submitting the HTML form, we need to send it as an HTTP request through a hidden _method input field.
In this way, Laravel's Restful style routing can know whether the request is PUT or PATCH...etc.

Prior to Laravel 5.5, forms could embed two hidden input fields: 
<form action="/foo/bar" method="POST">
    <input type="hidden" name="_method" value="PUT">
    <input type="hidden" name="_token" value="{{ csrf_token() }}">
</form>
or 
<form action="/foo/bar" method="POST">
    {{ method_field('PUT') }}
    {{ csrf_field() }}
</form>
After Laravel 5.6, we can also achieve the same effect through Blade directive: 
<form action="/foo/bar" method="POST">
    @method('PUT')
    @csrf
</form>

 

Tags: laravel

Devin Yang

Feel free to ask me, if you don't get it.:)

Follow

No Comment

Post your comment

Login is required to leave comments

Similar Stories


城堡
nginx,dlaravel

How to configure HTTPS on nginx to get an SSL A+ score from Qualys

This article describes how to adjust the ssl settings of nginx so that the website can obtain an SSL report and get an A+ rating. Here I am using letsencrypt free credentials. As long as you use the official Docker nginx new version image preset by D-Laravel, you should be able to achieve the same effect as mine. You can check your host SSL settings through the following. https://www.ssllabs.com/ssltest/index.html

城堡
laravel

How can I force Laravel to use HTTPS urls

The problem I encountered is probably this. The container environment runs Laravel, and there is no HTTPS in the container, which causes Laravel to transmit the form without https. Add the following syntax to the boot of AppServiceProvider\URL::forceScheme('https');

城堡
laravel,sftp

Use Laravel's Storage SFTP Drvier for remote file upload

Why do I separate the front and back of the website? My idea is very simple, that is to rely on a set of background to control all the website data in the foreground. Assuming that the front-end website is a pure marketing website, it is nothing more than the subject content, just like the article above, without any particularly complicated logic. Therefore, it is enough to set up the backend database and connect different frontends. Then there is the last question, how can my backend HTML editor post pictures directly to the frontend? Laravel's Storage SFT Driver is a good antidote.