What is @routes in app.blade.php [inertia-react app]?
I can see the @routes directive in app.blade.php in my inertia-react app. It makes a list of all routes and their methods. So is it really necessary to use them? And why are they necessary?
@vincent15000 It's not the same but related. At first I was a bit confused by @routes in my app.blade.php. And when I got the idea that it shows all named routes in the source code, I wanted to make sure I can exclude some of them for security reasons. And fortunately Ziggy allows this.
@sannjay I also had a discussion here in another post concerning security reasons.
If you are using InertiaJS, you can use only the Laravel routes, so there's really no problem.
If you don't use InertiaJS but pure VueJS for example, you have to worry about what you are doing. If your API routes are correctly secured, the only problem is you have to choose if you want to expose all routes to the users or not. If not, the only way I have found is to make a RouteController accessible via the API to send the menu/routes accessible by the connected user according to his permissions.
@sannjay But it's sure too that @routes retrieves all routes, even those not needed (I mean if a user isn't allowed to access some routes). But if your routes are correctly secured on the backend side, there is no problem.
I begin to understand that it's an existing and permanent problem when working with a JS framework for the frontend when you have a separate backend.
@Sinnbeck Do you mean that Ziggy can hide some routes? I mean ... on the frontend JS side, if you write some routes, they are all in the script, aren't they?
@vincent15000 It shows all in JS by default, but you can ask it to hide certain routes, for instance horizon, debugbar or some other route you don't use with Inertia.
@Sinnbeck Ok sorry, that's not clear for me ... it shows all routes by default, but I can hide certain routes ... are they really hidden? If I read the script, I will not be able to find the hidden routes?
@Sinnbeck That's very interesting ;) ... I already had a discussion on Laracasts around security with an SPA app.
If I want to filter my routes and for example hide certain routes if a user is not an admin, do I necessarily need some flag (for example `isAdmin`) stored in the vuex store or in the sessionStorage for example? Or is it possible to do it another way?
@Sinnbeck Let me reformulate my question: is it possible to use it via an API with back and front in two separate environments?
But I think I already have the answer ... If back and front are separate, the only way to send the routes to the front is via an API call ... would Ziggy be useful in such a situation?
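
Added example, not part of the original thread: a check for the "are they really hidden?" question above. It parses the `Ziggy` object that `@routes` renders into the page source and lists any route names matching patterns that were meant to be excluded. The HTML samples, route names, deny patterns and function names are constructed for illustration; `except` in the comment is Ziggy's route-filtering config key.

```javascript
// Added example. Assumed server-side filter in config/ziggy.php:
//   return ['except' => ['_debugbar.*', 'horizon.*', 'admin.*']];
const DENY = ['_debugbar.*', 'horizon.*', 'admin.*'];

// Pull the JSON object that @routes assigns to `const Ziggy` in the page.
function extractZiggy(html) {
  const marker = html.indexOf('const Ziggy');
  const start = marker === -1 ? -1 : html.indexOf('{', marker);
  if (start === -1) return null;
  let depth = 0, inString = false;
  for (let i = start; i < html.length; i++) {
    const ch = html[i];
    if (inString) {
      if (ch === '\\') i++;                 // skip the escaped character
      else if (ch === '"') inString = false;
    } else if (ch === '"') inString = true; // braces inside strings are ignored
    else if (ch === '{') depth++;
    else if (ch === '}' && --depth === 0) return JSON.parse(html.slice(start, i + 1));
  }
  return null; // unbalanced braces
}

// Turn a wildcard pattern such as "admin.*" into an anchored RegExp.
function toRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*');
  return new RegExp(`^${escaped}$`);
}

// Route names present in the page source that match any deny pattern.
function exposedRoutes(html, denyPatterns) {
  const ziggy = extractZiggy(html);
  if (!ziggy || !ziggy.routes) return [];
  const deny = denyPatterns.map(toRegExp);
  return Object.keys(ziggy.routes).filter((name) => deny.some((re) => re.test(name)));
}

// Constructed page sources: one rendered without a filter, one with it.
const unfilteredPage = `<script>const Ziggy = {"url":"http:\\/\\/localhost","port":null,"defaults":{},"routes":{"dashboard":{"uri":"dashboard","methods":["GET","HEAD"]},"admin.users.index":{"uri":"admin\\/users","methods":["GET","HEAD"]},"horizon.index":{"uri":"horizon\\/{view?}","methods":["GET","HEAD"]}}};</script>`;
const filteredPage = `<script>const Ziggy = {"url":"http:\\/\\/localhost","port":null,"defaults":{},"routes":{"dashboard":{"uri":"dashboard","methods":["GET","HEAD"]}}};</script>`;

console.log('unfiltered:', exposedRoutes(unfilteredPage, DENY));
console.log('filtered:  ', exposedRoutes(filteredPage, DENY));
```

A filter like this only controls which route names and URIs reach the browser; access control still has to be enforced by middleware and policies on the backend.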