
How to block GET method in Laravel Login?


Laravel login should only allow the POST method; however, when testing for security, it can be found that the POST method can be replaced by the GET method and a hacker can get login information. The Laravel default login has these routes:

    $this->get('login', 'Auth\LoginController@showLoginForm')->name('login');
    $this->post('login', 'Auth\LoginController@login');

Is there any way I can disable GET method and only allow POST Method?


Solution

  • Open vendor/laravel/framework/src/Illuminate/Routing/Router.php. Change this line of code:

    public function auth()
    {
        $this->get('login', 'Auth\LoginController@showLoginForm')->name('login');
        // ...
    }
    

    Just change the URL as you wish:

    $this->get('url_as_your_wish', 'Auth\LoginController@showLoginForm')->name('login');
    

    Now you will be able to go to the login page using your URL.
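
The following feature test is an added example, not part of the original question or answer: it checks how the two default routes quoted above behave when credentials arrive by GET versus POST. It assumes a Laravel 5.5 to 7 application with the default auth scaffolding, the default `App\User` model and its factory; the file name, e-mail address and password are constructed for the test.

```php
<?php
// tests/Feature/LoginMethodTest.php (added example; file name is hypothetical)
namespace Tests\Feature;

use Tests\TestCase;
use Illuminate\Foundation\Testing\RefreshDatabase;

class LoginMethodTest extends TestCase
{
    use RefreshDatabase;

    // Constructed sample credentials, used only inside the test database.
    private $email = 'alice@example.test';
    private $password = 'constructed-secret';

    private function makeUser()
    {
        // Assumes the default App\User model and its factory (Laravel 5.5 to 7).
        return factory(\App\User::class)->create([
            'email' => $this->email,
            'password' => bcrypt($this->password),
        ]);
    }

    public function test_get_with_credentials_in_query_string_does_not_log_in()
    {
        $this->makeUser();
        // GET login maps to showLoginForm, which only renders the form.
        $response = $this->get('/login?' . http_build_query([
            'email' => $this->email,
            'password' => $this->password,
        ]));
        $response->assertStatus(200);
        $this->assertGuest();
    }

    public function test_post_with_valid_credentials_logs_in()
    {
        $user = $this->makeUser();
        $this->post('/login', [
            'email' => $this->email,
            'password' => $this->password,
        ]);
        $this->assertAuthenticatedAs($user);
    }
}
```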