New Blade Directives Coming to Laravel 5.6

New Blade Directives Coming to Laravel 5.6

Laravel 5.6 will include two new form blade directives for cross-site request forgery (CSRF) and HTTP method input, thanks to Taylor Otwell.

In Laravel 5.5 you do the following at the top of forms to create hidden inputs for the CSRF token and the spoofed HTTP method:

<form>
  {{ csrf_field() }}
  {{ method_field('PUT') }}
  <!-- ... -->
</form>

Starting in Laravel 5.6 you can do the following instead:

<form>
  @method('put')
  @csrf
  <!-- ... -->
</form>

Laravel makes it easy to protect your site against CSRF attacks without any work on your part. However, if you want to submit a form successfully you must include a CSRF token input to verify that the form submission came from the application and not from another site.

Secondly, since HTML forms can’t make PUT, PATCH, or DELETE requests you need to add a hidden _method input to spoof these HTTP verbs. Laravel uses the _method input to route the request to the appropriate controller action correctly.

These directives will be out with Laravel 5.6 when it ships next year! Here’s the commit if you want to see the source code related to this feature.

I feel like the new directives are more instinctive and more natural to remember, however, the helper functions are still available for use if you prefer.


Filed in: Laravel 5.6 / laravel 5.6


Newsletter

Join the weekly newsletter and never miss out on new tips, tutorials, and more.

Laravel News Partners

Laravel Jobs

Full Stack or Back-End Developer
Alexandria, VA; Tallahassee, FL; Orlando, FL
Marketing for Change
Full Stack Software Engineer
Atlanta, GA or Remote
Voxie
Laravel/PHP Developer
Chicago, IL
Neon One
Software Engineer, Web Applications
Vaughan, ON, Canada
Blast Motion
Contract Services Software Engineer (Laravel | Vue | Tailwind)
Remote
Riverbed Technology
Senior Laravel Developer
Wilmington, NC
GE Software Inc.
Senior Full Stack Developer (PHP | Vue | DDD)
Charleston, SC
MassageBook