Support the ongoing development of →
Laravel Session Security
Last updated 2 years ago.

Put it behind an Auth Middleware , see , section "Protecting Routes"


Hi, thanks for your answer!

I don't really see how I could protect with a middleware. Let me explain and clarify everything:

My plugin is located at domainName/assets/fileman

It is accessible via my TinyMCE when an admin wants to create a page for instance: domainName/admin/page/create

But when you open the plugin it's a pop-up and you can also access it if you know the URL (which is domainName/assets/fileman).

My /admin routes are protected like so:

Route::group(['prefix' => 'admin', 'middleware' => ['role:admin']], function(){

Middlewares don't seem to be the solution here ;/

Last updated 6 years ago.

I believe the auth middleware may be the solution, try to secure your route this way:

Route::get('domainName/assets/fileman', function () {
    // Only authenticated users will have access to this section


Route::get('domainName/assets/fileman', 'Controller@method')->middleware('auth');

Not sure if it will work for your specific plugin but if you try to access the route directly from the browser it will check if you're authenticated first.


Already tried, this is not working :/

domainName/assets/fileman is located in the public folder, it's a physical route, and I think Laravel cannot forbid a user to access a public folder, whatever the route is


@shad21: Maybe using laravels built in Storage:: Facade would help to a certain extent, since then laravel manages the files and you might be able to protect them?


Sign in to participate in this thread!


Your banner here too?

shad21 shad21 Joined 28 Jan 2017


We'd like to thank these amazing companies for supporting us

Your logo here?

The Laravel portal for problem solving, knowledge sharing and community building.

© 2024 - All rights reserved.