Prevent users from accessing search api.

Posted 1 month ago by JarJarSloth

I am building a search function on my site and users can search for others users. Im making an axios.get request against /api/search?q= with their query.

The problem i'm having is that users can simply visit /api/search?q= and it will return information about a lot of users i don't want them to have access to.

Could i somehow handle the access via CSRF token or something else to fix this issue?

Please sign in or create an account to participate in this conversation.

Laracasts Mascot

Hi, Have We Met Yet?

Did you know that, in addition to the forum, Laracasts includes well over 1000 lessons on modern web development? All for the price of one lunch out per month.

Sign Me Up

Channels

Reply to

Use Markdown with GitHub-flavored code blocks.