Reputation:
laravel middleware without use working
The question I have is that: I realized that the middleware in laravel runs before the router runs like an onion skin (something like that)
And we have a group of middleware called the web, whose work is something like making a session and also making CSRF_TOKEN / why I can use CSRF_TOKEN without using these middleware in the web.php file.
Or is the CSRF_TOKEN middleware something else?
(I use csrf_token in post forms) and my laravel version is 5.6)
Upvotes: 0
Views: 93
Answers (1)
Reputation: 1410
Middleware in Laravel runs after the router, when controller is already instantiated, but before specific controller action is performed.
Also you should not use CSRF_TOKEN field in your web.php file - middleware should contain common logic when dealing with incoming request (sanitizing data, restricting access etc), controller actions should contain route specific logic and provide a response. Your web.php file is setup to define routes, it should not contain code working with incoming request.
Edit: In case you are just wondering what VerifyCsrfToken does it just checks whether or not the incoming token in the request is a valid one.
Upvotes: 0
Related Questions
- Laravel 419 Error - VerifyCsrfToken issue
- TokenMismatchException in VerifyCsrfToken.php line 67 - How to disable middleware and set that to be default
- How To Call Middleware Without Define In Web.php or Controller In Laravel?
- disable CSRF middleware based on environment in Laravel
- Laravel enable csrf protection on api middleware
- how to create middleware in laravel
- Middleware laravel
- Laravel How to get web or auth middleware to work
- Auth middleware in Laravel 5.4
- How to use middleware in Laravel for secure controllers?