POST Ajax Requests With CSRF Fields - Build Expense Tracker App With PHP 8
HTML-код
- Опубликовано: 4 янв 2023
- In this video we add support for POST AJAX requests along with CSRF protection to POST routes when making requests via JS.
SOME OF THE WAYS YOU CAN SUPPORT THE CHANNEL
👍 Smash the like button
🤝 Subscribe to the channel & turn the notifications on
💬 Post comments, any feedback is greatly appreciated
⭐ Become a Patreon: / programwithgio
THANK YOU!
🛠️ TOOLS & SERVICES I USE
Digital Ocean Hosting - Get 100$ credit - m.do.co/c/38b935ad74e5
Domains on Namecheap - namecheap.pxf.io/rnRjdQ
Envato Elements - 1.envato.market/c/2937311/298...
LESSON P.14
Starting Source Code - github.com/ggelashvili/expenn...
Ending Source Code - github.com/ggelashvili/expenn...
Course Outline - github.com/ggelashvili/learnp...
Course Playlist - • Learn PHP The Right Wa...
** Affiliate Disclaimer: Some of the above links may be affiliate links, which may generate me a sales commission at no additional cost to you.
simple edit/update is so complex in php . Laravel made working with php so easy and enjoyable .
It's as complex as you make it be. Not so bad honestly. But yes Laravel is great, makes a lot of things simpler
Great, the follow up came early!! Even though I'm still digesting the earlier one. Thanks Gio
You can do it!
Thanks for another great video, Gio! Looking forward to more Laravel content, as I've just started diving into it after having explored Symfony as a framework and by using individual components in work-related projects last year. I am transitioning into a full-time developer position late February, and then I will finally be able to support your work. Cheers!
That's great to hear, happy you are transitioning into a full-time dev, great job & good luck forward 💙
Thanks for every second that you have spent for this community. I really appreciate the hard work that you have done to us. Also Gio one question, did you ever use Laravel livewire in your projects? It is making this AJAX request so simpler.
You're welcome. No I have not used Livewire mainly because I don't have a good use case for it.
Oh Gio, First Watch and I'm feeling a bit in-over-my-head. Well I haven't practiced yet. When I do I believe I'll feel better and understand better. These are things I would never have done if I was building an application myself so this is certainly stretching me. And stretching is good. I am learning absolutely new ways of doing things. The ajax request tutorial on W3Schools for instance appears rather simplistic from what we are learning here. In all, I want to thank you...more power to your elbows.
Yes, that's a good thing. It's good to get out of the comfort zone & explore more. That's how you improve and advance. W3Schools have the most basic versions of fetch requests, does not take into consideration things like CSRF protection that we've built here and headers etc. You can make simple requests like that but in our app we have the proper CSRF protection so we need additional fields to be passed
Thanks Gio. I want to understand the js code we are using so now I am learning both php and Js haha
That's great heh
Thanks for this amazing series of videos. You've build this to apply CSRF globally for all POST requests. I'm setting up a webhook endpoint which will be fired from a 3rd party application and I want to exclude the webhook route from the CSRF protection - we will protect the webhook using token in the header request. How would I exclude it from one route but still keep it in place for the balance of the routes as you have done? Any suggestions would be greatly appreciated.
You're welcome. You would need to define a list of routes and then have a check in middleware if the request is coming from one of those endpoints that are in the exclude list and skip the csrf check. Laravel does it in a similar way so you could look into its source code to see how they do it.
Please make video on how to apply solid principle and design patterns in projects
Thanks for the suggestion
Hey Gio, thanks for the awesome content 🤍🤍.
I have a question about the mistake was made here 10:05 . Why do we need to specify the content type in here ??
Because we are expecting json content type. It is built into csrf protection I believe
Will you teach about Lavarel framework?
Yes