New Blade Directives Coming to Laravel 5.6

New Blade Directives Coming to Laravel 5.6

Laravel 5.6 will include two new form blade directives for cross-site request forgery (CSRF) and HTTP method input, thanks to Taylor Otwell.

In Laravel 5.5 you do the following at the top of forms to create hidden inputs for the CSRF token and the spoofed HTTP method:

<form>
  {{ csrf_field() }}
  {{ method_field('PUT') }}
  <!-- ... -->
</form>

Starting in Laravel 5.6 you can do the following instead:

<form>
  @method('put')
  @csrf
  <!-- ... -->
</form>

Laravel makes it easy to protect your site against CSRF attacks without any work on your part. However, if you want to submit a form successfully you must include a CSRF token input to verify that the form submission came from the application and not from another site.

Secondly, since HTML forms can’t make PUT, PATCH, or DELETE requests you need to add a hidden _method input to spoof these HTTP verbs. Laravel uses the _method input to route the request to the appropriate controller action correctly.

These directives will be out with Laravel 5.6 when it ships next year! Here’s the commit if you want to see the source code related to this feature.

I feel like the new directives are more instinctive and more natural to remember, however, the helper functions are still available for use if you prefer.


Filed in: Laravel 5.6 / laravel 5.6


Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Senior Full-Stack Developer (PHP+JS)
Remote
The Interaction Design Foundation
Senior Laravel Developer
Remote
Sonar
Laravel / Vue.JS Developer - Join an amazing team!
Remote
JTR Solutions
Mid / Sen. Software Engineer
Clearwater, FL
ShineOn
Remote PHP / Laravel Developer
Remote
SpringboardVR
Senior PHP/Laravel Developer: Your Dream Work Environment
Remote
iPhone Photography School
Senior Laravel Developer
Leidseplein, Amsterdam
Orderchamp.com