Form method spoofing on Laravel

by Devin Yang
(This article was automatically translated.)

Published - 7 years ago ( Updated - 7 years ago )

Why does Laravel need Form Method Spoofing?
Because HTML forms do not support PUT, PATCH and DELETE and other actions, so On Laravel
When submitting the HTML form, we need to send it as an HTTP request through a hidden _method input field.
In this way, Laravel's Restful style routing can know whether the request is PUT or PATCH...etc.

Prior to Laravel 5.5, forms could embed two hidden input fields: 
<form action="/foo/bar" method="POST">
    <input type="hidden" name="_method" value="PUT">
    <input type="hidden" name="_token" value="{{ csrf_token() }}">
</form>
or 
<form action="/foo/bar" method="POST">
    {{ method_field('PUT') }}
    {{ csrf_field() }}
</form>
After Laravel 5.6, we can also achieve the same effect through Blade directive: 
<form action="/foo/bar" method="POST">
    @method('PUT')
    @csrf
</form>

 

Tags: laravel

Devin Yang

Feel free to ask me, if you don't get it.:)

Follow

No Comment

Post your comment

Login is required to leave comments

Similar Stories


城堡
laravel

How can I force Laravel to use HTTPS urls

The problem I encountered is probably this. The container environment runs Laravel, and there is no HTTPS in the container, which causes Laravel to transmit the form without https. Add the following syntax to the boot of AppServiceProvider\URL::forceScheme('https');

城堡
laravel storage,sftp

Use tinker to test Laravel's sftp custom Storage::path and Storage::url

Today, I will test the use of sftp driver on Laravel. If you have never used it, come and see the results of my test. By the way, it is very convenient for us to perform Storage functions in the tinker environment of Laravel, whether it is local or remote. After adjusting the settings, remember to leave and enter again.

城堡
laravel, livewire

livewire important notes

Before starting your Livewire journey, here are three basic considerations about public properties: 1. The property name must not conflict with a property name reserved for Livewire (such as $rules or $message) 2. Store in Data in public properties is visible to front-end JavaScript. Therefore, you should not store sensitive data in it. 3. Properties can only be JavaScript-friendly data types (string, integer, array, boolean), or one of the following PHP types: Stringable, Collection, DateTime, Model, EloquentCollection.