New Blade Directives Coming to Laravel 5.6

New Blade Directives Coming to Laravel 5.6

Laravel 5.6 will include two new form blade directives for cross-site request forgery (CSRF) and HTTP method input, thanks to Taylor Otwell.

In Laravel 5.5 you do the following at the top of forms to create hidden inputs for the CSRF token and the spoofed HTTP method:

<form>
  {{ csrf_field() }}
  {{ method_field('PUT') }}
  <!-- ... -->
</form>

Starting in Laravel 5.6 you can do the following instead:

<form>
  @method('put')
  @csrf
  <!-- ... -->
</form>

Laravel makes it easy to protect your site against CSRF attacks without any work on your part. However, if you want to submit a form successfully you must include a CSRF token input to verify that the form submission came from the application and not from another site.

Secondly, since HTML forms can’t make PUT, PATCH, or DELETE requests you need to add a hidden _method input to spoof these HTTP verbs. Laravel uses the _method input to route the request to the appropriate controller action correctly.

These directives will be out with Laravel 5.6 when it ships next year! Here’s the commit if you want to see the source code related to this feature.

I feel like the new directives are more instinctive and more natural to remember, however, the helper functions are still available for use if you prefer.


Filed in: Laravel 5.6 / laravel 5.6


Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Senior Quality Assurance Engineer
Remote
Bisnow Media
Senior PHP/Laravel Developer: Your Dream Work Environment
Remote
iPhone Photography School
Senior Software Engineer
Remote or San Francisco
Curology
Laravel Developer
Las Vegas, NV
V Shred
R&D Developer
Denver, CO
booj
Full-Stack Developer
Paris, France
Wingly
Full Stack Developer
Remote US-Only
atlasMind