I am developing an application in laravel 5.1, I need to use sensitive user data and i was wondering about security when using ajax posts instead of a standard post. is it recommended using ajax, is there a way of performing some kind of protected ajax posts? Thanks :D
答案 0 :(得分:1)
In laravel 5.1 you can use the HTTP Middleware in order to create something similar to the filters of older version.
1: Define Middleware
namespace App\Http\Middleware;
use Closure;
class BeforeMiddleware
{
public function handle($request, Closure $next)
{
// Check all your ajax stuff
return $next($request);
}
}
Inside the definition you can check wheter the request is Ajax, or other (have a look at the Class Reference) and define, for example, if the user has authorization to that specific route.
2: Assign middleware to routes
// Within App\Http\Kernel Class...
protected $routeMiddleware = [
'auth' => \App\Http\Middleware\Authenticate::class,
'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
'myMiddleware' => \Path\To\The\MiddleWare::class,
];
3: use the middleware key in the route options array
Route::post('your/route', ['middleware' => 'myMiddleware', function () {
//
}]);