Laravel's form forgery and CSRF protection

The most popular API design style today is RESTful API design. REST commonly uses five HTTP methods: GET, POST, PUT, PATCH and DELETE. An HTML form can easily send a GET or POST request, but it does not support the other three methods. In Laravel, however, you can use those three methods through a technique called form forgery (form method spoofing).


Preparation work

First, some preparation. We need to create two routes: one that serves the form and one that accepts the form submission.

// Form page
Route::get('form', function () {
    return view('form');
});

// Accepts the form request and returns the HTTP method it arrived with
Route::any('getform', function () {
    return \Illuminate\Support\Facades\Request::method();
});

To begin, we create the simplest possible GET form:

<form method="get" action="/getform">
    <input type="submit" value="sub" />
</form>

After clicking the submit button, 'GET' appears in the browser, indicating that the GET request was sent and accepted.

CSRF protection

Next, change the form to the POST method, refresh the page and click the submit button. You will get a "page expired" error with status code 419. Why does Laravel refuse the POST request? The reason is Laravel's default CSRF protection mechanism.

To prevent cross-site request forgery attacks, Laravel provides CSRF token protection. For every form request that does not use the GET method, you therefore need to add the CSRF token to the form, as follows:

<input type="hidden" name="_token" value="{{csrf_token()}}">

There is also a shorthand for it:

@csrf

Turn off the CSRF protection function

Turning off CSRF protection for the entire site is generally not recommended. Turning it off is very simple: just comment out the

\App\Http\Middleware\VerifyCsrfToken::class

line in the Kernel.php file.

CSRF whitelist

Often we need to exempt a group of URLs from CSRF protection. For example, for API interfaces provided to third parties, we want all external API interfaces to work without CSRF protection. For this, use the CSRF whitelist, which is set in the app/Http/Middleware/VerifyCsrfToken.php file, as follows:

<?php

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as Middleware;

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        /* Whitelist entries go here */
        'http://example.com/api/*',
        'api/*',
        'a/b/*'
    ];
}

Note: To facilitate testing, CSRF protection is automatically turned off in the testing environment.

Form forgery

Now that we understand the CSRF protection mechanism, let's look at how to forge a form. It is also very simple: you only need to add

<input type="hidden" name="_method" value="PUT">

or abbreviated to

@method('PUT')

in the form. The following form body forges a PUT request:

@csrf
@method('PUT')
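
The checks described on this page, combined in one stand-alone PHP script. This is an added example, not part of the original article, and it is a simplified model rather than Laravel's own code; the helper names, the constructed token and the /api/hook path are assumptions.

```php
<?php
declare(strict_types=1);
// Added example: simplified model, not Laravel's source. Values are constructed.

/** Method the route sees: `_method` is honoured only on a real POST. */
function effectiveMethod(string $real, array $form): string
{
    $spoofed = strtoupper((string) ($form['_method'] ?? ''));
    $allowed = in_array($spoofed, ['PUT', 'PATCH', 'DELETE'], true);
    return ($real === 'POST' && $allowed) ? $spoofed : $real;
}

/** True when $path matches a whitelist pattern such as 'api/*'. */
function isExcluded(string $path, array $except): bool
{
    foreach ($except as $pattern) {
        $body = str_replace('\*', '.*', preg_quote(trim($pattern, '/'), '#'));
        if (preg_match('#^' . $body . '$#', trim($path, '/')) === 1) {
            return true;
        }
    }
    return false;
}

/** Returns [status, body] as the article's /getform route would answer. */
function handle(string $real, string $path, array $form, string $session, array $except): array
{
    $method  = effectiveMethod($real, $form);
    $reading = in_array($method, ['GET', 'HEAD', 'OPTIONS'], true);
    // Constant-time comparison; an empty session token never validates.
    $tokenOk = $session !== '' && hash_equals($session, (string) ($form['_token'] ?? ''));
    if (!$reading && !isExcluded($path, $except) && !$tokenOk) {
        return [419, 'Page Expired'];
    }
    return [200, $method];
}

$token  = bin2hex(random_bytes(20)); // constructed session token
$except = ['api/*'];                 // one whitelist entry from the article
$cases  = [
    ['GET',  '/getform',  []],
    ['POST', '/getform',  []],                                       // no token
    ['POST', '/getform',  ['_token' => $token]],
    ['POST', '/getform',  ['_method' => 'PUT']],                     // spoofed, no token
    ['POST', '/getform',  ['_token' => $token, '_method' => 'PUT']],
    ['POST', '/api/hook', ['_method' => 'DELETE']],                  // whitelisted path
];
foreach ($cases as [$m, $p, $f]) {
    [$status, $body] = handle($m, $p, $f, $token, $except);
    echo "$m $p " . json_encode(array_keys($f)) . " => $status $body\n";
}
```

The spoofed PUT is rejected with 419 until the token is present, while the whitelisted path accepts a spoofed DELETE with no token at all. Routes placed in the whitelist therefore need their own authentication, such as an API token or a request signature, rather than the session cookie.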
