Laravel security best practices for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment.
Laravel Security Best Practices
Comprehensive security guidance for Laravel applications to protect against common vulnerabilities.
When to Activate
Adding authentication or authorization
Handling user input and file uploads
Building new API endpoints
Managing secrets and environment settings
Hardening production deployments
How It Works
Middleware provides baseline protections (CSRF via VerifyCsrfToken, security headers via SecurityHeaders).
Guards and policies enforce access control (auth:sanctum, $this->authorize, policy middleware).
Form Requests validate and shape input (UploadInvoiceRequest) before it reaches services.
Rate limiting adds abuse protection (RateLimiter::for('login')) alongside auth controls.
Data safety comes from encrypted casts, mass-assignment guards, and signed routes (URL::temporarySignedRoute + signed middleware).
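As an added example (not the page's own code and not part of Laravel itself), one invoice upload endpoint that chains the controls just listed: a policy check and validation in the Form Request, a mass-assignment whitelist and an encrypted cast on the model, throttling on the route, and a short-lived signed download link. It assumes a standard Laravel app with Sanctum, an Invoice model with an InvoicePolicy defining create(), and an 'invoices' table; all class, route and field names are illustrative, and the route uses the built-in throttle limiter rather than a named RateLimiter::for() definition.

```php
<?php
// Added example, not from the page or from Laravel itself. Assumes Sanctum, an Invoice
// model with an InvoicePolicy (create), and an 'invoices' table; names are illustrative.

// --- app/Http/Requests/UploadInvoiceRequest.php ---
namespace App\Http\Requests;
use App\Models\Invoice;
use Illuminate\Foundation\Http\FormRequest;

class UploadInvoiceRequest extends FormRequest
{
    public function authorize(): bool   // policy check runs before validation
    {
        return $this->user()?->can('create', Invoice::class) ?? false;
    }
    public function rules(): array      // only these fields reach the route handler
    {
        return [
            'reference' => ['required', 'string', 'max:64'],
            'file'      => ['required', 'file', 'mimes:pdf', 'max:5120'], // size limit is in KB
        ];
    }
}

// --- app/Models/Invoice.php ---
namespace App\Models;
use Illuminate\Database\Eloquent\Model;

class Invoice extends Model
{
    protected $fillable = ['reference', 'path', 'notes']; // mass-assignment guard
    protected $casts = ['notes' => 'encrypted'];          // encrypted at rest
}

// --- routes/api.php ---
use App\Http\Requests\UploadInvoiceRequest;
use App\Models\Invoice;
use Illuminate\Support\Facades\{Route, Storage, URL};

Route::post('/invoices', function (UploadInvoiceRequest $request) {
    $invoice = Invoice::create([
        'reference' => $request->validated()['reference'],
        'path'      => $request->file('file')->store('invoices'), // random name, outside web root
    ]);
    // Expiring signed link; the 'signed' middleware rejects tampered or expired URLs.
    return ['download' => URL::temporarySignedRoute('invoices.download', now()->addMinutes(10), ['invoice' => $invoice->id])];
})->middleware(['auth:sanctum', 'throttle:10,1']); // at most 10 uploads per minute per caller

Route::get('/invoices/{invoice}/download', fn (Invoice $invoice) => Storage::download($invoice->path))
    ->middleware('signed')->name('invoices.download');
```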