Validating Signed Route Requests
When using filament forms on a livewire component and submitted, how do we verify that the request has come from the signed url. Basically how do we validate signed route request.
5 Replies
If you apply the middleware to the original route, you are protected since the Livewire component is unable to mount and generate the original component hash
Thanks. I have done that on get route... Working perfectly.
My doubt is how do validate incoming request.
As in Laravel docs
use Illuminate\Http\Request;
Route::get('/unsubscribe/{user}', function (Request $request) {
if (! $request->hasValidSignature()) {
abort(401);
}
// ...
})->name('unsubscribe');
As in livewire form submission is not usual laravel post request
I dont think you need to if the original route is signed
When I create a signed route which expires in 5 minutes and the url has form to submit but once the users clicks the link and stays longer than 5 mins, even when the url is expired, the user is able to make a post request..
yeah thats correct. you should store the expiry in a public property #[Locked], and then check it before the user submits