Support the ongoing development of →
posted 8 years ago
Last updated 2 years ago.

The moment you put something in the public folder, by definition it becomes "public". i.e. any visitor to your website will be able to view/download the file.

Take a look at your .htaccess file - accessing any "file" or "directory" in the url, completely bypasses the Laravel framework. i.e. the file is directly served without hitting the index.php file. While this would indeed be quick, it does not allow you to place any kind of security control if required.

Take the example of Laracasts.. Jeffrey could just put all his mp4 files in the public folder. Then, there would be no way to filter for "members". Similarly, there are several scenarios that depend on being able use "middleware" to control access to files stored in the server filesystem.

Now, the Laravel "Filesystem" class just provides a convenient wrapper around the base php file manipulation operations. So, you can use functions like File::put() or File::get() within the controller routes that expose files.

Bottomline: You are recommended to put only truly public assets - such as js, css and templates in the public folder. Everything else goes into a non-public folder (usually the "storage" folder in Laravel).

Hope this helps.


In addition it gives you a common interface to the different file systems, so a change from local to S3 should be relatively pain free


Sign in to participate in this thread!


Your banner here too?

haris haris Joined 26 Jul 2015


We'd like to thank these amazing companies for supporting us

Your logo here?

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 - All rights reserved.