Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.
I'm using Laravel, InertiaJs and React in my Web application. Day by day it is getting bigger and security is becoming foremost thing to focus.
I am using breeze as my authentication provider. I noticed that it has @routes directive and it exposes all the route when someone views page source code.
How can I get rid from this? I want to use the javascript route() helper in my react code but don't want to include @routes with app.blade.php.
I'm using Laravel 11.
Thanks
You can compile it into a js file instead. It is described here
https://github.com/tighten/ziggy?tab=readme-ov-file#javascript-frameworks
But of course people can still find all routes as you are sending them to the client. Now they just need to find it in a js file instead (harder to find but no impossible)
@Sinnbeck Thanks, This is what I was searching for. Indeed it is still visible to end-user, but by adding it within the JS file, visibility of this routes may be harder to find.
@Sinnbeck Do you know, what mechanism does Laracasts is using? May be it is not exposing any routes. (Might be I am wrong). or also if you have any better solution to handle it let me know, Please.
Thanks
@DhPandya I am not sure. But they might just simply type out the routes :)
Please or to participate in this conversation.