How to customize default middleware in Laravel 11
Introduction to default middleware customization in Laravel 11
Starting from Laravel 11, new projects get to experience a slimmer skeleton. Part of the efforts to make it happen was to remove the default middleware classes.
But how do you customize them then? Easy! Just go into your bootstrap/app.php file and configure them however you want. Let me show you in more detail the most common use cases.
Customize the default middleware
Change where guests are redirected
To customize where guests are redirected, use the redirectGuestsTo()
method in bootstrap/app.php:
->withMiddleware(function (Middleware $middleware) { $middleware->redirectGuestsTo('/admin/login');})
Previously, this was happening in the Authenticated.php middleware file.
Change where users and guests are redirected
To customize where users and guests are redirected, use the redirectTo()
method in bootstrap/app.php:
->withMiddleware(function (Middleware $middleware) { $middleware->redirectTo( guests: '/admin/login', users: '/dashboard' );})
Previously, this was happening in the Authenticated.php and RedirectIfAuthenticated.php middleware files.
Exclude cookies from being encrypted
To customize which cookies must not be encrypted, use the encryptCookies()
method in bootstrap/app.php:
->withMiddleware(function (Middleware $middleware) { $middleware->encryptCookies(except: [ 'foo', 'bar', ]);})
Previously, this was happening in the EncryptCookies.php middleware file.
Exclude routes from CSRF protection
To customize which routes must be excluded from CSRF protection, use the validateCsrfTokens()
method in bootstrap/app.php:
->withMiddleware(function (Middleware $middleware) { $middleware->validateCsrfTokens(except: [ '/foo/*', '/bar', ]);})
Previously, this was happening in the VerifyCsrfToken.php middleware file.
Exclude routes from URL signature validation
To exclude routes from URL signature validation, use the validateSignatures()
method in bootstrap/app.php:
->withMiddleware(function (Middleware $middleware) { $middleware->validateSignatures(except: [ '/api/*', ]);})
Previously, this was happening in the ValidateSignature.php middleware file.
Prevent converting empty strings in requests
To configure the middleware that converts empty strings to null, use the convertEmptyStringsToNull()
method in bootstrap/app.php:
->withMiddleware(function (Middleware $middleware) { $middleware->convertEmptyStringsToNull(except: [ fn ($request) => $request->path() === 'foo/bar', ]);})
Previously, you had to remove the ConvertEmptyStringsToNull
middleware in the app/Http/Kernel.php file or do it on a per route basis.
Prevent string trimming in requests
To configure the middleware responsible for trimming strings, use the trimStrings()
method in bootstrap/app.php:
->withMiddleware(function (Middleware $middleware) { $middleware->trimStrings(except: [ '/foo', ]);})
Previously, this was happening in the TrimStrings.php middleware file.
0 Comments
CAN FEEDBACK
Emoji