Download the PHP package laragear/poke without Composer

On this page you can find all versions of the php package laragear/poke. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package poke

Poke

Latest Version on Packagist Latest stable test run Codecov coverage Maintainability Sonarcloud Status Laravel Octane Compatibility

Keep your forms alive, avoid TokenMismatchException by gently poking your Laravel app.

Become a sponsor

Your support allows me to keep this package free, up-to-date and maintainable. Alternatively, you can spread the word!

Requirements

Installation

Require this package into your project using Composer:

How does it work?

This package pokes your App with an HTTP HEAD request to the /poke route at given intervals. In return, while your application renews the session lifetime, it returns an HTTP 204 status code, which is an OK Response without body.

This amounts to barely 0.8 KB sent!

Automatic Reloading on CSRF token expiration

The Poke script will detect if the CSRF session token is expired based on the last successful poke, and forcefully reload the page if there is Internet connection.

This is done by detecting when the browser or tab becomes active, or when the device user becomes online again.

This is handy in situations when the user laptop is put to sleep, or the phone loses signal. Because the session may expire during these moments, the page is reloaded to get the new CSRF token when the browser wakes up or the phone becomes online.

Usage

There are three ways to turn on Poke in your app.

You can change the default mode using your environment file:

auto

Just install this package and look at it go. This will append a middleware in the web group that will look into all your Responses content where:

If there is any match, this will inject the Poke script in charge to keep the forms alive just before the </body> tag.

This mode won't inject the script on error responses or redirections.

[!NOTE]

It's recommended to use the other modes if your application has many routes or Responses with a lot of text.

middleware

This mode does not push the middleware to the web group. Instead, it allows you to use the poke middleware only in the routes you decide.

This will inject the script into the route response if there is an input with a CSRF token. You can also apply this to a route group.

You may want to use the force option to forcefully inject the script at the end of the <body> tag, regardless of the CSRF token input presence. This may be handy when you expect to dynamically load forms on a view after its loaded, or SPA.

As with auto mode, this mode won't inject the script on errors or redirections.

blade

The blade mode disables middleware injection, so you can use the <x-poke-script /> component freely to inject the script anywhere in your view, preferably before the closing </body> tag.

This may be useful if you have large responses, like blog posts, articles or galleries, since the framework won't spend resources inspecting the response, but just rendering the component.

[!TIP]

Don't worry if you have duplicate Poke components in your view. The script is rendered only once, and even if not, the script only runs once.

Configuration

For fine-tuning, you can publish the poke.php config file.

Let's examine the configuration array:

Times (Interval)

How many times the poking will be done relative to the global session lifetime. The more times, the shorter the poking interval. The default 4 should be fine for any normal application.

For example, if our session lifetime is the default of 120 minutes:

In other words, session lifetime / times = poking interval.

Poking

This is the array of settings for the poking route which receives the Poke script request.

Route

The route (relative to the root URL of your application) that will be using to receive the pokes.

[!NOTE]

The poke routes are registered at boot time.

Name

Name of the route, to find the poke route in your app for whatever reason.

Domain

The Poke route is available on all domains. Setting a given domain will scope the route to that domain.

In case you are using a domain or domain pattern, it may be convenient to put the Poke route under a certain one. A classic example is to make the poking available at http://user.myapp.com/poke but no http://api.myapp.com/poke.

Middleware

The default Poke route uses the web middleware group to function properly, as this group handles session, cookies and CSRF tokens.

You can add your own middleware here if you need to.

You can also use the "bare minimum" middleware if you feel like it, thus it may be problematic if you don't know what you're doing.

Script View

Poke injects the script as a Blade component at all times.

You can override the script by publishing it under the views tag:

Some people may want to change the script to use a custom Javascript HTTP library, minify the response, make it compatible for older browsers, or even create a custom Event when CSRF token expires.

The view receives three variables:

Laravel Octane compatibility

There should be no problems using this package with Laravel Octane.

Security

If you discover any security related issues, please email [email protected] instead of using the issue tracker.

License

This specific package version is licensed under the terms of the MIT License, at time of publishing.

Laravel is a Trademark of Taylor Otwell. Copyright © 2011-2024 Laravel LLC.


All versions of poke with dependencies

PHP Build Version
Package Version
Requires php Version ^8.1
laragear/meta Version 3.*
illuminate/http Version 10.*|11.*
illuminate/routing Version 10.*|11.*
illuminate/support Version 10.*|11.*
illuminate/view Version 10.*|11.*
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package laragear/poke contains the following files

Loading the files please wait ....