Skip to content

Commit 89f33eb

Browse files
committed
formatting
1 parent cc08043 commit 89f33eb

File tree

1 file changed

+8
-8
lines changed

1 file changed

+8
-8
lines changed

urls.md

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -108,7 +108,7 @@ If you would like to generate a temporary signed route URL that expires after a
108108
<a name="validating-signed-route-requests"></a>
109109
#### Validating Signed Route Requests
110110

111-
To verify that an incoming request has a valid signature, you should call the `hasValidSignature` method on the incoming `Request`:
111+
To verify that an incoming request has a valid signature, you should call the `hasValidSignature` method on the incoming `Illuminate\Http\Request` instance:
112112

113113
use Illuminate\Http\Request;
114114

@@ -120,7 +120,13 @@ To verify that an incoming request has a valid signature, you should call the `h
120120
// ...
121121
})->name('unsubscribe');
122122

123-
Alternatively, you may assign the `Illuminate\Routing\Middleware\ValidateSignature` [middleware](/docs/{{version}}/middleware) to the route. If it is not already present, you should assign this middleware a key in your HTTP kernel's `routeMiddleware` array:
123+
Sometimes, you may need to allow your application's frontend to append data to a signed URL, such as when performing client-side pagination. Therefore, you can specify request query parameters that should be ignored when validating a signed URL using the `hasValidSignatureWhileIgnoring` method. Remember, ignoring parameters allows anyone to modify those parameters on the request:
124+
125+
if (! $request->hasValidSignatureWhileIgnoring(['page', 'order'])) {
126+
abort(401);
127+
}
128+
129+
Instead of validating signed URLs using the incoming request instance, you may assign the `Illuminate\Routing\Middleware\ValidateSignature` [middleware](/docs/{{version}}/middleware) to the route. If it is not already present, you should assign this middleware a key in your HTTP kernel's `routeMiddleware` array:
124130

125131
/**
126132
* The application's route middleware.
@@ -139,12 +145,6 @@ Once you have registered the middleware in your kernel, you may attach it to a r
139145
// ...
140146
})->name('unsubscribe')->middleware('signed');
141147

142-
There might be cases where you need to allow the frontend to append data to a signed URL, for example for pagination. You can define specific parameters to be ignored when verifying the URL by using the `hasValidSignatureWhileIgnoring` method on the incoming `Request`. Remember that this allows for anyone to modify these parameters while still passing the validation test.
143-
144-
if (! $request->hasValidSignatureWhileIgnoring(['page', 'order'])) {
145-
abort(401);
146-
}
147-
148148
<a name="urls-for-controller-actions"></a>
149149
## URLs For Controller Actions
150150

0 commit comments

Comments
 (0)