Skip to content

Mohcin Bounouara

Thoughts about software engineering and life

Understanding Method Spoofing in Laravel

Title: Understanding Method Spoofing in Laravel

When working with request/response methods, different HTTP methods like GET, POST, PUT, and PATCH have custom purposes. POST is generally used for creating resources, while PUT and PATCH are intended for updates. But as a developer, you’ll often see POST used for updates too.

This happens due to browser limitations, legacy systems, and modern frontend frameworks like Vue and React causes

Why POST is Often Used for Updates

Browsers natively support POST and GET, but not PUT or PATCH. Because of this, many systems and frontend frameworks default to POST for both creating and updating resources. It simplifies API design and reduces complexity. To achieve this, Laravel provides a solution called method spoofing.

What is Method Spoofing?

Method spoofing allows us to simulate other HTTP methods (like PUT, PATCH, and DELETE) using a POST request. This is especially useful when submitting forms, which usually only support POST and GET.

Example of Method Spoofing in Laravel

Here’s how you can implement method spoofing in Laravel:

<form method="POST" action="/user/update">
    @method('PUT') 
    <input type="text" name="name" value="Updated Name">
    <button type="submit">Update</button>
</form>
  • @method(‘PUT’): Tells Laravel to treat this POST request as a PUT request, allowing you to update the resource.

Laravel Route for Updating

Here’s a normal route definition for updating a user in Laravel:

Route::put('user/', [UserController::class, 'update'])->name('users.update');

This route handles the PUT request that was spoofed in the form, enabling proper update logic on the server side.

That’s is, happy coding 🙂