0

If I have this line of code in my routes.php file: 

Route::when('*', 'csrf', array('post', 'put', 'patch', 'delete'));

Do I still need to do this?

Route::group(array('before' => 'csrf'), function() {
    Route::post('/search', array(
        'as' => 'search-post',
        'uses' => 'SearchController@postSearch'
    ));
});

Or is it ok to just do this?

Route::post('/search', array(
    'as' => 'search-post',
    'uses' => 'SearchController@postSearch'
));
Improve this question
6
  • How can I check it it's working though? I'm not familiar with CSRF protection. Commented Jan 13, 2015 at 20:26
  • 1
    Remove the CSRF token from your form, submit it and check if you get an error. It SHOULD throw an Exception. Commented Jan 13, 2015 at 20:27
  • 1
    @rotaercz In your browser's dev tools, change the value of the input type="hidden" name="_token" field. Commented Jan 13, 2015 at 20:27
  • Or what @ceejayoz said Commented Jan 13, 2015 at 20:28
  • Man, you guys are awesome. I'll be right back. Commented Jan 13, 2015 at 20:28

2 Answers 2

Reset to default
3

Route::when filters (internally called pattern filters) are called right before before filters. You're all good with just using your routes normally.

Here's the relevant source code:

public function callRouteBefore($route, $request)
{
    $response = $this->callPatternFilters($route, $request);

    return $response ?: $this->callAttachedBefores($route, $request);
}

As you can see first the pattern filters will be called. If they return any response it will be returned from here, otherwise the "normal" before filters will be called.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

You answer a lot of my questions and I'd like to say thanks publicly. When I launch the site there's going to a be a shout out section. I'd like to thank you in there. Shall I add you as lukasgeiter or would you like me to put your name there?
You're very welcome :) Well "lukasgeiter" is actually my name. You can write it "Lukas Geiter" if you prefer ;)
Will do and I'll send you a link! :)
2

Yes; you should be safe with just Route::post('/search', [...]);.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.