Skip to content

[13.x] Add HTTP idempotency middleware#59304

Open
WendellAdriel wants to merge 2 commits into13.xfrom
feat/http-idempotency
Open

[13.x] Add HTTP idempotency middleware#59304
WendellAdriel wants to merge 2 commits into13.xfrom
feat/http-idempotency

Conversation

@WendellAdriel
Copy link
Copy Markdown
Member

@WendellAdriel WendellAdriel commented Mar 20, 2026
edited
Loading

Overview

This PR adds first-class idempotency handling for write requests so applications can safely retry POST, PUT, and PATCH operations without duplicating work.

Approach

  • add a configurable middleware that scopes and stores request fingerprints and responses
  • replay matching responses, reject conflicting reuse, and guard concurrent in-flight duplicates
  • expose the middleware through the default alias map and controller attributes, with integration coverage for the main request flows

Examples

Route::post('/orders', OrderController::class)
    ->middleware(Idempotent::using(ttl: 600));
#[Idempotent]
class OrderController
{
    public function __invoke(): Response
    {
        // ...
    }
}
class OrderController
{
    #[Idempotent(scope: 'user')]
    public function store(): Response
    {
        // ...
    }
}

@WendellAdriel
Add HTTP idempotency middleware for safe request retries
a4094f4 
Introduce an `Idempotent` middleware that caches responses keyed by a
client-supplied idempotency header, preventing duplicate side-effects
when requests are retried. Supports configurable TTL, required/optional
key enforcement, user/ip/global scoping, custom header names, concurrent
request locking, JSON payload normalization, and redirect replay.

Also adds an `#[Idempotent]` controller attribute for declarative usage
and registers `idempotent` as a default middleware alias.
@WendellAdriel
Fix kernel middleware priority expectations
8777963
@WendellAdriel WendellAdriel marked this pull request as ready for review March 20, 2026 19:01
@WendellAdriel WendellAdriel mentioned this pull request Mar 20, 2026
Draft
@WendellAdriel WendellAdriel changed the title Add HTTP idempotency middleware [13.x] Add HTTP idempotency middleware Mar 25, 2026
shaedrich
shaedrich reviewed Mar 31, 2026
View reviewed changes
src/Illuminate/Routing/Middleware/Idempotent.php
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
Copy link
Copy Markdown
Contributor

@shaedrich shaedrich Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can add types here:

Suggested change
* @param \Closure $next
* @param \Closure(\Illuminate\Http\Request): \Symfony\Component\HttpFoundation\Response $next

src/Illuminate/Routing/Middleware/Idempotent.php

if (is_null($clientKey) || $clientKey === '') {
if ($required) {
throw new HttpException(400, "Missing required header: {$header}");
Copy link
Copy Markdown
Contributor

@shaedrich shaedrich Mar 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could work with the constants here:

Suggested change
throw new HttpException(400, "Missing required header: {$header}");
throw new HttpException(Response::HTTP_BAD_REQUEST, "Missing required header: {$header}");

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@shaedrich shaedrich shaedrich left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@WendellAdriel @shaedrich