The Request object — Illuminate/Http/Request

Beginner5 min read·lv-09-001

laravel-src

Concept

Illuminate\Http\Request is the object that encapsulates the entire HTTP request. It extends Symfony's Request class and adds Laravel-specific helpers. Understanding its full capabilities is essential for working with HTTP input in controllers and middleware.

What Request contains: URL and path, HTTP method, headers, query parameters ($_GET), body input ($_POST, JSON body), route parameters, uploaded files ($_FILES), cookies, session data, server variables ($_SERVER), and IP address.

How it's created: Laravel creates a single Request instance from PHP's superglobals at boot time using Request::capture(). This instance is bound into the container as a singleton per request. All uses of request() helper or Request injection get the same instance.

PSR-7 compatibility: Laravel's Request is not PSR-7 by default. To use PSR-7, install symfony/psr-http-message-bridge and nyholm/psr7. Then type-hint Psr\Http\Message\ServerRequestInterface in controller methods and Laravel automatically converts.

Request lifecycle: Request::capture() → HTTP Kernel receives it → middleware pipeline processes it → controller receives it → response returned.

Code Example

php

<?php
namespace App\Http\Controllers;

use Illuminate\Http\Request;

class DemoController extends Controller
{
    public function demo(Request $request): array
    {
        // Basic request info
        $method  = $request->method();             // "GET", "POST", etc.
        $path    = $request->path();               // "api/users/42" (no leading /)
        $url     = $request->url();                // "https://app.com/api/users/42"
        $fullUrl = $request->fullUrl();            // includes query string
        $isAjax  = $request->ajax();               // true if X-Requested-With: XMLHttpRequest
        $isJson  = $request->expectsJson();        // true if Accept: application/json
        $isSecure = $request->secure();            // true if HTTPS

        // HTTP method checks
        $request->isMethod('get');    // true for GET
        $request->isMethod('post');   // true for POST
        $request->method() === 'PUT'; // manual check

        // Headers
        $token       = $request->header('Authorization');
        $contentType = $request->header('Content-Type', 'application/json'); // with default
        $allHeaders  = $request->headers->all();
        $bearerToken = $request->bearerToken(); // "Bearer TOKEN" → extracts TOKEN

        // IP address (respects TrustProxies config)
        $clientIp = $request->ip();
        $allIps   = $request->ips(); // array — X-Forwarded-For may contain multiple

        // User agent
        $userAgent = $request->userAgent();

        return compact('method', 'path', 'url', 'isJson', 'clientIp');
    }

    // Multiple injection points — both work
    public function store(Request $request): void {}

    // Route parameter injection
    // Route: /orders/{id}/items/{itemId}
    public function showItem(Request $request, string $id, string $itemId): void
    {
        // $request, $id, $itemId all injected in order matching method signature
    }
}

PreviousController authorization — $this->authorize(), can()Controllers NextRetrieving input — $request->input(), get(), query(), post()Request & Input