Laravel 5.6 will include two new blade directives. One for adding cross-site request forgery (CSRF) token in your forms and the other for defining form method.
In Laravel 5.5 and below, you do the following at the top of the forms to create a hidden input field for csrf token and another hidden input field for your HTTP method if you are using other than get and post.
<form method="POST"> {{ csrf_field()}} {{ method_field("DELETE")}} <!-- ... --> </form>
In Laravel 5.6, you will be able to use these blade directives.
<form method="POST"> @csrf @method("DELETE") <!-- ... --> </form>
In Laravel, it is very easy to add csrf protection in your applications. When submitting a form, you must include a csrf token or add the URL to except array in VerifyCsrfToken
file. Laravel uses a hidden _token
field to save csrf token. Starting with Laravel 5.6, you will be able to do that with just @csrf
.
You cannot make PATH, PUT or DELETE requests in HTML forms. So, you add a hidden _method
field to tell Laravel about your HTTP request.
Here is the source code for this commit. It’s just an abstraction that eventually calls the same functions that we were using before. Those helper function will still be available if you want to use them.