Livewire behind authenticated routes


I am a bit confused on the internals, more specifically would a Livewire object be accessible by someone by firing an ajax call?

I have a route which requires authentication that loads Livewire, this Livewire controller handled sensitive data and I would like to know how secure is? I can’t seem to find anything that would allow me to put it behind a middleware.


You can define the middleware on your routes just like normal Laravel controllers.


Route::middleware('auth')->group(function() {
    Route::livewire('/path-to-component', 'component');

If you route already requires authentication and your livewire component is on the view defined by that route, it would still go through the auth middleware as a normal Laravel component. There’d be no direct route to the livewire component unless you define a route to it.

Thanks, this is a cool feature but only if you load the component directly

True, it’s for direct component usage but the main point is that you can house any of our Route logic within the middleware and still have the middleware apply.

If your livewire component lives within a view that has the middleware applied, the user will have to authenticate to access that route.

1 Like