@pfigdev Of course you need to protect the route. Each HTTP request is completely separate. That endpoint can be hit outside of your dashboard.
If you want to test something then write an actual test, and not try and use a HTTP client like Insomnia.
Summer Sale! All accounts are 50% off this week.
I am setting up a feature where a logged in user of my app can save an item to their favorites and view it. I wanted to setup a route that is protected against unauthorized users. When I test the code below with Insomnia, I get the login page as a response. The route works as intended without the middleware group.
Route::group(['middleware' => ['auth:sanctum']], function() { Route::prefix('/favorites')->group(function() { Route::get('/{id}', [FavoriteController::class, 'show']); }); });
Another question: Do I even need to protect the route if the favorites feature and dashboard are only accessible to signed in users anyway?
Please or to participate in this conversation.