How does Laravel work with expiration in signed URLs? Is the expiration protected in any way against manual overwriting?
I generate confirmation emails in my Laravel application that have a limited usage time. Is it possible, when rewriting the expiration parameter in the URL, to convince Laravel that the URL has not yet expired? My generated URL is here:
http://localhost/register/confirm/19?expires=1654334707&signature=2e44bb1c17bab475bbffb442316ad932723ba50376db6d75cb0c2fe2675d5535
CodePudding user response:
To answer you: no, you can't rewrite a signature, since everything is in the hash.
You can find the answer in the documentation: https://laravel.com/docs/9.x/urls#signed-urls
Just don't forget to use the "signed" middleware on your route, or add a logic check in your controller or service.
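
The following is an added example, not part of the answer above and not Laravel's own code: a simplified plain-PHP model of a keyed signature computed over the URL with `expires` included, showing that a link whose `expires` value was edited fails the signature check before expiry is even considered. The names `sign_url`, `verify_url` and `DEMO_KEY` are hypothetical and the key is a constructed sample value.

```php
<?php
// Simplified model of a signed, expiring URL; not Laravel's source code.
// The key is a constructed sample value, not a real secret.
const DEMO_KEY = 'constructed-demo-key';

// Sign: append expires, then HMAC-SHA256 the whole URL, expires included.
function sign_url(string $url, int $expires, string $key): string
{
    $unsigned = $url . '?expires=' . $expires;
    return $unsigned . '&signature=' . hash_hmac('sha256', $unsigned, $key);
}

// Verify: recompute the HMAC over everything except the signature parameter,
// compare in constant time, and only then look at the expires value.
function verify_url(string $signedUrl, string $key, int $now): string
{
    $parts = parse_url($signedUrl);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return 'bad-signature';
    }
    parse_str($parts['query'] ?? '', $query);
    $given = $query['signature'] ?? '';
    unset($query['signature']);

    $unsigned = $parts['scheme'] . '://' . $parts['host'] . $parts['path']
        . '?' . http_build_query($query);
    $expected = hash_hmac('sha256', $unsigned, $key);

    // A non-string value (e.g. signature[]=x) is rejected before hash_equals.
    if (!is_string($given) || !hash_equals($expected, $given)) {
        return 'bad-signature';
    }
    return (int) ($query['expires'] ?? 0) >= $now ? 'valid' : 'expired';
}

$expires = 1654334707; // expires value from the URL in the question
$url = sign_url('http://localhost/register/confirm/19', $expires, DEMO_KEY);

// Case 1: untouched link checked one minute before it expires.
echo verify_url($url, DEMO_KEY, $expires - 60), "\n";
// Case 2: untouched link checked one minute after it expired.
echo verify_url($url, DEMO_KEY, $expires + 60), "\n";
// Case 3: expires pushed a day forward by hand, original signature kept.
$tampered = str_replace("expires=$expires", 'expires=' . ($expires + 86400), $url);
echo verify_url($tampered, DEMO_KEY, $expires + 60), "\n";
```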