devwebapp - 1 year ago
Ajax Question

Ajax in Laravel 5.3 accessible by everyone

I am new to Laravel, so sorry for my code.

I am trying to integrate a jQuery library with my Laravel project.


public function index()
{
    return view('products');
}

public function data()
{
    $products = Product::all();

    return $products->toJson();
}



Route::get('/products', ['as' => 'products', 'uses' => 'ProductController@index']);
Route::get('/products/data', ['as' => '', 'uses' => 'ProductController@data']);



var CSRF_TOKEN = $('meta[name="csrf-token"]').attr('content');

$.ajax({
    url: '/products/data/',
    type: 'GET',
    data: {_token: CSRF_TOKEN},
    dataType: 'JSON',
    success: function (data) {
        // ...
    }
});


Everything works, but if I go to /products/data/ I can see the JSON in the browser. That should not happen!

Am I doing it right? Is this the right way of getting JSON data from the database into the view?

Thank you.

Answer Source

As long as this information is not useful for an attacker, you've nothing to worry about. Product information is most likely not a thing you want if you want to do some harm to a website.

Make sure information about users doesn't transfer over a GET request, because this way someone who wants to do harm to your website has access to information they want to achieve. Make sure this data travels over a POST request so they can't get access to the information very easily. Also make sure you hash information that should be only in the hands of the user him or herself or other trusted sources.

In this situation I don't really see anything wrong with your approach at first sight.

A little more information about this subject can be found here: HTTP Methods: GET vs. POST
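
An added example, not part of the original question or answer: one way to restrict `/products/data` in Laravel 5.3 when the JSON should only reach signed-in users. The closure stands in for `ProductController@data` so the example fits in one routes file; the `App\Product` namespace, the `products.data` route name and the column names are assumptions.

```php
<?php
// routes/web.php (Laravel 5.3)

use App\Product;               // assumed model namespace (Laravel 5.3 default)
use Illuminate\Http\Request;

// The HTML page stays public.
Route::get('/products', ['as' => 'products', 'uses' => 'ProductController@index']);

// Who may call a route is decided by middleware, not by the HTTP method:
// a GET and a POST endpoint are equally reachable by any client unless a
// check such as "auth" sits in front of them.
Route::group(['middleware' => 'auth'], function () {
    Route::get('/products/data', ['as' => 'products.data', function (Request $request) {
        // Cosmetic only: this hides the JSON from someone typing the URL into
        // the address bar, but X-Requested-With is a client-supplied header,
        // so it is not an access control.
        if (! $request->ajax()) {
            abort(404);
        }

        // Return only the columns the page needs instead of every attribute
        // of the model (column names are assumed for this example).
        $products = Product::all(['id', 'name', 'price']);

        return response()->json($products);
    }]);
});

// Client side: Laravel's VerifyCsrfToken middleware does not check the token
// on read requests (GET, HEAD, OPTIONS), so the _token field in the $.ajax
// call is not needed for this route. Sending it with a GET only places the
// token in the query string, where it can end up in server and proxy logs.
```

If the product list is meant to be public, the `auth` group can be dropped; the column whitelist is then the control that matters, because anything the endpoint returns is visible to every visitor.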
