Add to .env file
1APP_READ_ONLY = true
By default only pages accessed with GET requests will be allowed, everything else will throw a 401 Unauthorized response. You can modify the blocked request types in the lockout configuration file.
To optionally allow logging into the application to view secure areas, after login only GET requests will still be allowed.
1APP_READ_ONLY_LOGIN = true
You can set your login/logout paths from the configuration file if they differ from the Laravel default.
Locking GET Pages
If you want to block access to regular pages in addition to the lockout types, or just by themselves you can edit the pages array of the config file:
1'pages' => [2 'register', // Blocks access to the register page3],
Conditionally Rendering Views
You may conditionally render views based on the status of the lockout with this blade helper:
1@readonly2 Sorry for the inconvenience, but our application is currently in read-only mode. Please check back soon.3@endreadonly
You may whitelist certain paths for certain methods. I.e. part of your application is behind the password.confirm middleware and you want the demo user to be able to access it.
1'whitelist' => [2 'post' => '/password/confirm',3],