I'm using Laravel in an application that I would like to be HTTPS-only.
In one view that is shown on https://example.com/p I open a form like this:
{{ Form::open(['method' => "POST", "id" => "whatever"]) }}
Laravel parses it to this:
<form method="POST" action="http://example.com/p" accept-charset="UTF-8" id="whatever">
This looks good on the first sight, but remember, this is on an HTTPS page so I get a mixed-content warning when displaying the page.
But it gets even worse. I configured my server to redirect HTTP request to the according HTTPS resource. That means, my browser posts the form content to the server, which redirects it to the HTTPS-location. The browser then drops the POST-request and sends a regular GET-request to the server which results in exactly the same page the use has seen before.
Why does Laravel fill in the wrong protocol? How can I set the right one?
Define your routes with https option and call that route to form action.
For Example"
Route
Route::group(array('https'), function(){
// all of our routes
//for your form acction
Route::post('form', array('as' => 'form/action', 'uses' => 'ExampleController#postForm'));
}
So the route under https group should be https, even route for form to.
Related
Updating existing items in DB in my application is solved by this way:
I have url like this:
http://localhost/project/public//structure/edit/about-us
In router I have set
Route::get('/structure/edit/{url}', 'StructureController#update'); //for displaying the prefilled form
Route::post('/structure/edit/{url}', 'StructureController#update'); // for saving new values
So it means, I'm building update query where url = $url . This is the main part of my view file:
{!! Form::open(['url' => URL::current()]) !!}
I don't know where to point "form action". So I¨m using the same url as current url, so router recognizes, that this is post request and I can process the update inside the same controller and select new (updated) data to my update form.
The problem is, when I update the url via form, new value will set to database. So it means, from this moment old url doesn't exists, but and my form action point to url, which doesn't exists anymore.
What can I do with that? If you know, what I mean...
To update use patch method instead of post. Write this in web.php
Route::get('/structure/edit/{id}', 'StructureController#edit');
Route::patch('/structure/{id}/update', 'StructureController#update');
You can use either action or url as a form action. Pass the structure id in the second parameter of the action
{!! Form::model($structure,['action' => ['StructionController#update',$structure->id],'method'=>'patch']) !!}
If you do what #smartrahat suggests and still got the error you posted, then can you run php artisan route:list command and show us the structure of your routes?
I am trying to update a user, but when I hit the submit button, Laravel throws the below error:
"RouteCollection->methodNotAllowed(array('GET', 'HEAD', 'POST')) in RouteCollection.php line 206".
I think that the PUT method is not allowed, but I do not understand the reason. The request never reaches UserController#update.
I have configured a resource route like this:
Route::resource('backend/users', 'Backend\UsersController');
The output of php artisan route:list is:
I solved the problem like this: it must be the form's post action error;
<form method="POST" action="10.241.229.1/backend/users/{{$user->id}}"; accept-charset="UTF-8">
add the id you want update to the action.
use put method like this within form,for more https://laravel.com/docs/5.2/routing#form-method-spoofing
{{ method_field('PUT') }}
Coming a bit late on this question.
In my experience this kind of error comes for two reasons:
as Laravel docs say, HTML forms do not support PUT, PATCH or DELETE actions. So, when defining PUT, PATCH or DELETE routes that are called from an HTML form, you will need to add a hidden _method field to the form.
if you are making the request from a HTML form, and you have the VerifyCsrfToken middleware enable, than you will need to add a hidden _token field to the form with {{ csrf_token() }} as value.
I'm trying to learn laravel, but I'm running into an issue with routing.
I have the following in my Routes file:
Route::get('home', function()
{
return View::make('home');
});
Which works if I type
http://localhost/laravel/public/home
However, on a another page I have a form, that when submitted should take me to that page like so:
{{ Form::open(array('url' => 'home')) }}
Now this takes me to the correct address, but throws an exception. But, if I reload the page with the same URL then the page loads correctly. So what is the issue here? Is there a problem with the way my form is set up?
Route::get is when you want to issue a get request to the page, to get the contents basically. If you want to post to a page, you need to do, in addition to your Route::get,
Route::post
Another option that people will tell you is:
Route::any
but I would advise staying away from this because the logic will probably be different for the two routes.
I have the following code to create a form in my app:
<?php echo $this->Form->create('User', array('action'=>'edit')); ?>
and it has a route like:
Router::connect('/settings', array('controller'=>'users','action'=>'edit'));
However the action is wrong...
<form action="/users/edit/6" method="post" accept-charset="utf-8">
If I put the form to defaults with:
<?php echo $this->Form->create(); ?>
then it fixes the routing issue, but why does specifying parameters break the routing???
When you specify in the create() parameters an actual URL - it will map to that url! The routes config doesn't map backwards. For example - if you visit /settings, it will load /edit page with the url still showing /settings. But if you visit /edit, it will show the url and will load the page /edit.
So if you want your form action to map to /settings, don't specify a url or use the url option array('url' => '/settings')
I have a form that uses the POST method to send data. The POST destination is configured as "http://www.example.com/form". However, the actual POST file is "http://www.example.com/form/index.php".
Because the action does not include the file name (index.php), the POST variables are not making it to the page. (This said, GET requests seem to work fine.)
Short of changing the action and/or method, is there any fix for this? Can I implement a mod_rewrite rule to pass the POST values along to the page?
I could not reproduce this with
<form action="/test/" method="POST">
But I was able to reproduce it with
<form action="/test" method="POST">
In the second case my Apache send as Moved-Permanently redirect to /test/ and the POST variables are lost.
This redirect is done by mod_dir.
If you disable mod_dir links to a directory without a trailing slash a simply not working any more.
The only advice I can give you is to fix the form's action.