Suppose you want to protect your application throughout from cross site request forgery or better known as CSRF? What you can do? Is there any single command we can issue to protect our site from the ‘Crackers’ or ‘Bad Guys’? Yes, there are. Let us see how we can do this. Write this code in your routes.php
Route::when('*', 'csrf', ['post', 'put', 'patch']);
Voila! This is all you need to protect your site
and from the next time you launch your Laravel application, it will take care of all types of cross site request forgery. Is not it nice? And handy?
I know what you say. You agree with me. Especially in a large application, where lots of users put plenty of posts and your server is busy, this is a real large headache. But wait a minute. There are lot of uncommon things in ‘Rout’ class, let me call it magical; waiting for us to be explored.
First of all, we will discuss about ‘implicit’ and ‘explicit’ routing. If you have a ‘CodeIgniter’ experience, you probably have seen instance of ‘implicit’ routing. When we write like this:
It implicitly redirects us to ‘View/admin’ folder through ‘AdminController’. Okay, you are new to the concept of Controllers but don’t worry in the next chapter we will tackle all the controller staff so read on and I suggest to
reread this chapter later again to understand the magic better.
The question is can we explicitly ‘route’ this? Yes, we can. Let us try:
Route::get('codeigniter/codeignitertrainingin kolkata', 'CodeIgniterController@showIndex');
Don’t scare. Please! It is big but not bad. It is very explicitly showing what is happening inside.
Let me pick up the last line:
It says: in the ‘View/wordpress’ folder, we have a page like ‘how-to-start-wordpress.blade.php’ and our controller ‘WpController’ got a public function called ‘showIndex’ which has something inside it so that our end point is ‘howtostartwordpress.blade.php’.
Now question is, can we group this long list of controller routing?
Yes, we have an handy tool, called Route::group(). Suppose we are only concerned with the ‘home’ controllers. We can group it. No problem. The entire ‘home’ blade can come under one group like this:
You see, inside the group, we need not write ‘home’ anymore. It is explicitly told to our router. In command line you can always check, how your works proceed through this command:
php artisan routes
It ultimately it shows up all the controllers I have used in my ‘routes.php’ file and written before. To get hold of all ‘home’ controller we can do another thing. Considering that ‘home’ as my ‘resource’ I can write like that:
There are more to come. Another best practice is ‘naming a route’.