In this article, we'll see how to customize default middleware in laravel 11. In Laravel 11, there's been a notable change regarding middleware registration. The traditional approach of defining middleware directly in the Kernel.php
file has been removed.
You can no longer register middleware there. Instead, in Laravel 11, you'll need to register and customize middleware in the app.php
file.
So, let's see how to customize default middleware in laravel 11, laravel 11 middleware, and laravel custom middleware.
We'll utilize the alias()
method to define a new middleware within the "bootstrap/app.php" file.
bootstrap/app.php
<?php
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware) {
$middleware->alias([
'isAdmin' => \App\Http\Middleware\IsAdmin::class,
]);
})
->withExceptions(function (Exceptions $exceptions) {
//
})->create();
We will utilize the remove()
method to eliminate the default middleware already present in the "bootstrap/app.php" file.
bootstrap/app.php
<?php
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware) {
// Using a string
$middleware->remove(\Illuminate\Http\Middleware\ValidatePostSize::class);
// Or removing multiple default middleware
$middleware->remove([
\Illuminate\Http\Middleware\TrustProxies::class,
\Illuminate\Http\Middleware\HandleCors::class,
]);
})
->withExceptions(function (Exceptions $exceptions) {
//
})->create();
We'll utilize the redirectTo()
method in the "bootstrap/app.php" file to specify the redirection destination for both users and guests.
<?php
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware) {
$middleware->redirectTo(
guests: '/admin/login',
users: '/dashboard'
);
})
->withExceptions(function (Exceptions $exceptions) {
//
})->create();
We will utilize the encryptCookies()
method to specify which cookies should not be encrypted in the URL.
<?php
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware) {
$middleware->encryptCookies(except: [
'abc',
'test',
]);
})
->withExceptions(function (Exceptions $exceptions) {
//
})->create();
We will utilize the validateCsrfTokens()
method to exempt certain routes from CSRF (Cross-Site Request Forgery) protection.
<?php
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware) {
$middleware->validateCsrfTokens(except: [
'/stripe/*',
'/stripe/callback',
]);
})
->withExceptions(function (Exceptions $exceptions) {
//
})->create();
We'll utilize the validateSignatures()
method to exempt certain routes from URL signature validation.
<?php
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware) {
$middleware->validateSignatures(except: [
'/api/*',
]);
})
->withExceptions(function (Exceptions $exceptions) {
//
})->create();
We'll employ the convertEmptyStringsToNull()
method to avoid converting empty strings within requests.
<?php
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware) {
$middleware->convertEmptyStringsToNull(except: [
fn ($request) => $request->path() === 'admin/dashboard',
]);
})
->withExceptions(function (Exceptions $exceptions) {
//
})->create();
We'll utilize the trimStrings()
method to prevent string trimming in requests.
<?php
use Illuminate\Foundation\Application;
use Illuminate\Foundation\Configuration\Exceptions;
use Illuminate\Foundation\Configuration\Middleware;
return Application::configure(basePath: dirname(__DIR__))
->withRouting(
web: __DIR__.'/../routes/web.php',
commands: __DIR__.'/../routes/console.php',
health: '/up',
)
->withMiddleware(function (Middleware $middleware) {
$middleware->trimStrings(except: [
'/test',
]);
})
->withExceptions(function (Exceptions $exceptions) {
//
})->create();
You might also like: