You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: urls.md
+8-8Lines changed: 8 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -108,7 +108,7 @@ If you would like to generate a temporary signed route URL that expires after a
108
108
<aname="validating-signed-route-requests"></a>
109
109
#### Validating Signed Route Requests
110
110
111
-
To verify that an incoming request has a valid signature, you should call the `hasValidSignature` method on the incoming `Request`:
111
+
To verify that an incoming request has a valid signature, you should call the `hasValidSignature` method on the incoming `Illuminate\Http\Request` instance:
112
112
113
113
use Illuminate\Http\Request;
114
114
@@ -120,7 +120,13 @@ To verify that an incoming request has a valid signature, you should call the `h
120
120
// ...
121
121
})->name('unsubscribe');
122
122
123
-
Alternatively, you may assign the `Illuminate\Routing\Middleware\ValidateSignature`[middleware](/docs/{{version}}/middleware) to the route. If it is not already present, you should assign this middleware a key in your HTTP kernel's `routeMiddleware` array:
123
+
Sometimes, you may need to allow your application's frontend to append data to a signed URL, such as when performing client-side pagination. Therefore, you can specify request query parameters that should be ignored when validating a signed URL using the `hasValidSignatureWhileIgnoring` method. Remember, ignoring parameters allows anyone to modify those parameters on the request:
124
+
125
+
if (! $request->hasValidSignatureWhileIgnoring(['page', 'order'])) {
126
+
abort(401);
127
+
}
128
+
129
+
Instead of validating signed URLs using the incoming request instance, you may assign the `Illuminate\Routing\Middleware\ValidateSignature`[middleware](/docs/{{version}}/middleware) to the route. If it is not already present, you should assign this middleware a key in your HTTP kernel's `routeMiddleware` array:
124
130
125
131
/**
126
132
* The application's route middleware.
@@ -139,12 +145,6 @@ Once you have registered the middleware in your kernel, you may attach it to a r
139
145
// ...
140
146
})->name('unsubscribe')->middleware('signed');
141
147
142
-
There might be cases where you need to allow the frontend to append data to a signed URL, for example for pagination. You can define specific parameters to be ignored when verifying the URL by using the `hasValidSignatureWhileIgnoring` method on the incoming `Request`. Remember that this allows for anyone to modify these parameters while still passing the validation test.
143
-
144
-
if (! $request->hasValidSignatureWhileIgnoring(['page', 'order'])) {
0 commit comments