HTTP Responses
Creating Responses
Strings and Arrays
All routes and controllers should return a response to be sent back to the user's browser. Laravel provides several different ways to return responses. The most basic response is returning a string from a route or controller. The framework will automatically convert the string into a full HTTP response:
1Route::get('/', function () {2 return 'Hello World';3});
1Route::get('/', function () {2 return 'Hello World';3});
In addition to returning strings from your routes and controllers, you may also return arrays. The framework will automatically convert the array into a JSON response:
1Route::get('/', function () {2 return [1, 2, 3];3});
1Route::get('/', function () {2 return [1, 2, 3];3});
Did you know you can also return Eloquent collections from your routes or controllers? They will automatically be converted to JSON. Give it a shot!
Response Objects
Typically, you won't just be returning simple strings or arrays from your route actions. Instead, you will be returning full Illuminate\Http\Response
instances or views.
Returning a full Response
instance allows you to customize the response's HTTP status code and headers. A Response
instance inherits from the Symfony\Component\HttpFoundation\Response
class, which provides a variety of methods for building HTTP responses:
1Route::get('/home', function () {2 return response('Hello World', 200)3 ->header('Content-Type', 'text/plain');4});
1Route::get('/home', function () {2 return response('Hello World', 200)3 ->header('Content-Type', 'text/plain');4});
Eloquent Models and Collections
You may also return Eloquent ORM models and collections directly from your routes and controllers. When you do, Laravel will automatically convert the models and collections to JSON responses while respecting the model's hidden attributes:
1use App\Models\User;23Route::get('/user/{user}', function (User $user) {4 return $user;5});
1use App\Models\User;23Route::get('/user/{user}', function (User $user) {4 return $user;5});
Attaching Headers to Responses
Keep in mind that most response methods are chainable, allowing for the fluent construction of response instances. For example, you may use the header
method to add a series of headers to the response before sending it back to the user:
1return response($content)2 ->header('Content-Type', $type)3 ->header('X-Header-One', 'Header Value')4 ->header('X-Header-Two', 'Header Value');
1return response($content)2 ->header('Content-Type', $type)3 ->header('X-Header-One', 'Header Value')4 ->header('X-Header-Two', 'Header Value');
Or, you may use the withHeaders
method to specify an array of headers to be added to the response:
1return response($content)2 ->withHeaders([3 'Content-Type' => $type,4 'X-Header-One' => 'Header Value',5 'X-Header-Two' => 'Header Value',6 ]);
1return response($content)2 ->withHeaders([3 'Content-Type' => $type,4 'X-Header-One' => 'Header Value',5 'X-Header-Two' => 'Header Value',6 ]);
Cache Control Middleware
Laravel includes a cache.headers
middleware, which may be used to quickly set the Cache-Control
header for a group of routes. Directives should be provided using the "snake case" equivalent of the corresponding cache-control directive and should be separated by a semicolon. If etag
is specified in the list of directives, an MD5 hash of the response content will automatically be set as the ETag identifier:
1Route::middleware('cache.headers:public;max_age=2628000;etag')->group(function () {2 Route::get('/privacy', function () {3 // ...4 });56 Route::get('/terms', function () {7 // ...8 });9});
1Route::middleware('cache.headers:public;max_age=2628000;etag')->group(function () {2 Route::get('/privacy', function () {3 // ...4 });56 Route::get('/terms', function () {7 // ...8 });9});
Attaching Cookies to Responses
You may attach a cookie to an outgoing Illuminate\Http\Response
instance using the cookie
method. You should pass the name, value, and the number of minutes the cookie should be considered valid to this method:
1return response('Hello World')->cookie(2 'name', 'value', $minutes3);
1return response('Hello World')->cookie(2 'name', 'value', $minutes3);
The cookie
method also accepts a few more arguments which are used less frequently. Generally, these arguments have the same purpose and meaning as the arguments that would be given to PHP's native setcookie method:
1return response('Hello World')->cookie(2 'name', 'value', $minutes, $path, $domain, $secure, $httpOnly3);
1return response('Hello World')->cookie(2 'name', 'value', $minutes, $path, $domain, $secure, $httpOnly3);
If you would like to ensure that a cookie is sent with the outgoing response but you do not yet have an instance of that response, you can use the Cookie
facade to "queue" cookies for attachment to the response when it is sent. The queue
method accepts the arguments needed to create a cookie instance. These cookies will be attached to the outgoing response before it is sent to the browser:
1use Illuminate\Support\Facades\Cookie;23Cookie::queue('name', 'value', $minutes);
1use Illuminate\Support\Facades\Cookie;23Cookie::queue('name', 'value', $minutes);
Generating Cookie Instances
If you would like to generate a Symfony\Component\HttpFoundation\Cookie
instance that can be attached to a response instance at a later time, you may use the global cookie
helper. This cookie will not be sent back to the client unless it is attached to a response instance:
1$cookie = cookie('name', 'value', $minutes);23return response('Hello World')->cookie($cookie);
1$cookie = cookie('name', 'value', $minutes);23return response('Hello World')->cookie($cookie);
Expiring Cookies Early
You may remove a cookie by expiring it via the withoutCookie
method of an outgoing response:
1return response('Hello World')->withoutCookie('name');
1return response('Hello World')->withoutCookie('name');
If you do not yet have an instance of the outgoing response, you may use the Cookie
facade's expire
method to expire a cookie:
1Cookie::expire('name');
1Cookie::expire('name');
Cookies and Encryption
By default, all cookies generated by Laravel are encrypted and signed so that they can't be modified or read by the client. If you would like to disable encryption for a subset of cookies generated by your application, you may use the $except
property of the App\Http\Middleware\EncryptCookies
middleware, which is located in the app/Http/Middleware
directory:
1/**2 * The names of the cookies that should not be encrypted.3 *4 * @var array5 */6protected $except = [7 'cookie_name',8];
1/**2 * The names of the cookies that should not be encrypted.3 *4 * @var array5 */6protected $except = [7 'cookie_name',8];
Redirects
Redirect responses are instances of the Illuminate\Http\RedirectResponse
class, and contain the proper headers needed to redirect the user to another URL. There are several ways to generate a RedirectResponse
instance. The simplest method is to use the global redirect
helper:
1Route::get('/dashboard', function () {2 return redirect('home/dashboard');3});
1Route::get('/dashboard', function () {2 return redirect('home/dashboard');3});
Sometimes you may wish to redirect the user to their previous location, such as when a submitted form is invalid. You may do so by using the global back
helper function. Since this feature utilizes the session, make sure the route calling the back
function is using the web
middleware group:
1Route::post('/user/profile', function () {2 // Validate the request...34 return back()->withInput();5});
1Route::post('/user/profile', function () {2 // Validate the request...34 return back()->withInput();5});
Redirecting to Named Routes
When you call the redirect
helper with no parameters, an instance of Illuminate\Routing\Redirector
is returned, allowing you to call any method on the Redirector
instance. For example, to generate a RedirectResponse
to a named route, you may use the route
method:
1return redirect()->route('login');
1return redirect()->route('login');
If your route has parameters, you may pass them as the second argument to the route
method:
1// For a route with the following URI: /profile/{id}23return redirect()->route('profile', ['id' => 1]);
1// For a route with the following URI: /profile/{id}23return redirect()->route('profile', ['id' => 1]);
Populating Parameters via Eloquent Models
If you are redirecting to a route with an "ID" parameter that is being populated from an Eloquent model, you may pass the model itself. The ID will be extracted automatically:
1// For a route with the following URI: /profile/{id}23return redirect()->route('profile', [$user]);
1// For a route with the following URI: /profile/{id}23return redirect()->route('profile', [$user]);
If you would like to customize the value that is placed in the route parameter, you can specify the column in the route parameter definition (/profile/{id:slug}
) or you can override the getRouteKey
method on your Eloquent model:
1/**2 * Get the value of the model's route key.3 */4public function getRouteKey(): mixed5{6 return $this->slug;7}
1/**2 * Get the value of the model's route key.3 */4public function getRouteKey(): mixed5{6 return $this->slug;7}
Redirecting to Controller Actions
You may also generate redirects to controller actions. To do so, pass the controller and action name to the action
method:
1use App\Http\Controllers\UserController;23return redirect()->action([UserController::class, 'index']);
1use App\Http\Controllers\UserController;23return redirect()->action([UserController::class, 'index']);
If your controller route requires parameters, you may pass them as the second argument to the action
method:
1return redirect()->action(2 [UserController::class, 'profile'], ['id' => 1]3);
1return redirect()->action(2 [UserController::class, 'profile'], ['id' => 1]3);
Redirecting to External Domains
Sometimes you may need to redirect to a domain outside of your application. You may do so by calling the away
method, which creates a RedirectResponse
without any additional URL encoding, validation, or verification:
1return redirect()->away('https://www.google.com');
1return redirect()->away('https://www.google.com');
Redirecting With Flashed Session Data
Redirecting to a new URL and flashing data to the session are usually done at the same time. Typically, this is done after successfully performing an action when you flash a success message to the session. For convenience, you may create a RedirectResponse
instance and flash data to the session in a single, fluent method chain:
1Route::post('/user/profile', function () {2 // ...34 return redirect('dashboard')->with('status', 'Profile updated!');5});
1Route::post('/user/profile', function () {2 // ...34 return redirect('dashboard')->with('status', 'Profile updated!');5});
After the user is redirected, you may display the flashed message from the session. For example, using Blade syntax:
1@if (session('status'))2 <div class="alert alert-success">3 {{ session('status') }}4 </div>5@endif
1@if (session('status'))2 <div class="alert alert-success">3 {{ session('status') }}4 </div>5@endif
Redirecting With Input
You may use the withInput
method provided by the RedirectResponse
instance to flash the current request's input data to the session before redirecting the user to a new location. This is typically done if the user has encountered a validation error. Once the input has been flashed to the session, you may easily retrieve it during the next request to repopulate the form:
1return back()->withInput();
1return back()->withInput();
Other Response Types
The response
helper may be used to generate other types of response instances. When the response
helper is called without arguments, an implementation of the Illuminate\Contracts\Routing\ResponseFactory
contract is returned. This contract provides several helpful methods for generating responses.
View Responses
If you need control over the response's status and headers but also need to return a view as the response's content, you should use the view
method:
1return response()2 ->view('hello', $data, 200)3 ->header('Content-Type', $type);
1return response()2 ->view('hello', $data, 200)3 ->header('Content-Type', $type);
Of course, if you do not need to pass a custom HTTP status code or custom headers, you may use the global view
helper function.
JSON Responses
The json
method will automatically set the Content-Type
header to application/json
, as well as convert the given array to JSON using the json_encode
PHP function:
1return response()->json([2 'name' => 'Abigail',3 'state' => 'CA',4]);
1return response()->json([2 'name' => 'Abigail',3 'state' => 'CA',4]);
If you would like to create a JSONP response, you may use the json
method in combination with the withCallback
method:
1return response()2 ->json(['name' => 'Abigail', 'state' => 'CA'])3 ->withCallback($request->input('callback'));
1return response()2 ->json(['name' => 'Abigail', 'state' => 'CA'])3 ->withCallback($request->input('callback'));
File Downloads
The download
method may be used to generate a response that forces the user's browser to download the file at the given path. The download
method accepts a filename as the second argument to the method, which will determine the filename that is seen by the user downloading the file. Finally, you may pass an array of HTTP headers as the third argument to the method:
1return response()->download($pathToFile);23return response()->download($pathToFile, $name, $headers);
1return response()->download($pathToFile);23return response()->download($pathToFile, $name, $headers);
Symfony HttpFoundation, which manages file downloads, requires the file being downloaded to have an ASCII filename.
Streamed Downloads
Sometimes you may wish to turn the string response of a given operation into a downloadable response without having to write the contents of the operation to disk. You may use the streamDownload
method in this scenario. This method accepts a callback, filename, and an optional array of headers as its arguments:
1use App\Services\GitHub;23return response()->streamDownload(function () {4 echo GitHub::api('repo')5 ->contents()6 ->readme('laravel', 'laravel')['contents'];7}, 'laravel-readme.md');
1use App\Services\GitHub;23return response()->streamDownload(function () {4 echo GitHub::api('repo')5 ->contents()6 ->readme('laravel', 'laravel')['contents'];7}, 'laravel-readme.md');
File Responses
The file
method may be used to display a file, such as an image or PDF, directly in the user's browser instead of initiating a download. This method accepts the absolute path to the file as its first argument and an array of headers as its second argument:
1return response()->file($pathToFile);23return response()->file($pathToFile, $headers);
1return response()->file($pathToFile);23return response()->file($pathToFile, $headers);
Response Macros
If you would like to define a custom response that you can re-use in a variety of your routes and controllers, you may use the macro
method on the Response
facade. Typically, you should call this method from the boot
method of one of your application's service providers, such as the App\Providers\AppServiceProvider
service provider:
1<?php23namespace App\Providers;45use Illuminate\Support\Facades\Response;6use Illuminate\Support\ServiceProvider;78class AppServiceProvider extends ServiceProvider9{10 /**11 * Bootstrap any application services.12 */13 public function boot(): void14 {15 Response::macro('caps', function (string $value) {16 return Response::make(strtoupper($value));17 });18 }19}
1<?php23namespace App\Providers;45use Illuminate\Support\Facades\Response;6use Illuminate\Support\ServiceProvider;78class AppServiceProvider extends ServiceProvider9{10 /**11 * Bootstrap any application services.12 */13 public function boot(): void14 {15 Response::macro('caps', function (string $value) {16 return Response::make(strtoupper($value));17 });18 }19}
The macro
function accepts a name as its first argument and a closure as its second argument. The macro's closure will be executed when calling the macro name from a ResponseFactory
implementation or the response
helper:
1return response()->caps('foo');
1return response()->caps('foo');