Open-Source Wikis

/

Laravel

/

Systems

/

Public

laravel/laravel

Public

Active contributors: Taylor Otwell

Purpose

public/ is the document root that web servers expose to the internet. It contains the single PHP front controller that bootstraps the framework, plus the rewrite rules Apache needs to send every URL to that controller.

Directory layout

public/
├── .htaccess        # Apache rewrite rules (40 lines)
├── favicon.ico      # Empty placeholder
├── index.php        # Front controller (24 lines)
└── robots.txt       # User-agent: *  Disallow:

How index.php works

The whole front controller is reproduced below, because it's small enough to read in one go and explains the entire request entry path:

<?php

use Illuminate\Foundation\Application;
use Illuminate\Http\Request;

define('LARAVEL_START', microtime(true));

// Determine if the application is in maintenance mode...
if (file_exists($maintenance = __DIR__.'/../storage/framework/maintenance.php')) {
    require $maintenance;
}

// Register the Composer autoloader...
require __DIR__.'/../vendor/autoload.php';

// Bootstrap Laravel and handle the request...
/** @var Application $app */
$app = require_once __DIR__.'/../bootstrap/app.php';

$app->handleRequest(Request::capture());

Four things happen, in order:

  1. LARAVEL_START — a microsecond-precision timestamp is recorded. Tools like Laravel Debugbar, Telescope, and Pulse use this to compute total request time.
  2. Maintenance check — if php artisan down was called, the framework drops a script at storage/framework/maintenance.php. Loading it short-circuits the rest of the request and returns a 503.
  3. Composer autoload — pulls in every dependency (the framework itself, your App\ namespace, etc.) via PSR-4.
  4. Bootstrap and dispatchrequire_once returns the configured Illuminate\Foundation\Application from bootstrap/app.php (see Bootstrap). handleRequest() runs the full middleware stack and emits the response.

How .htaccess works

.htaccess is read by Apache when the request hits the document root. The rules:

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Handle X-XSRF-Token Header
    RewriteCond %{HTTP:x-xsrf-token} .
    RewriteRule .* - [E=HTTP_X_XSRF_TOKEN:%{HTTP:X-XSRF-Token}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Send Requests To Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

Four sections:

Section Effect
Options -MultiViews -Indexes Disables Apache directory listings and content negotiation
Authorization rewrite Some FastCGI setups strip Authorization; the env-var copy lets PHP read the header reliably
X-XSRF-Token rewrite Same idea for the CSRF header used by Laravel-aware JS clients
Trailing-slash 301 Redirects /foo/ to /foo (only when /foo/ isn't an actual directory)
Front controller fallback Anything that isn't a real file or directory becomes /index.php?...

On other web servers

The .htaccess is Apache-specific. On nginx you'd put the equivalent into a server block (try_files $uri /index.php?$query_string;). The skeleton does not ship an nginx config — Laravel's docs cover one for Forge and Sail deployments. The PHP built-in server (php artisan serve) doesn't read .htaccess either; it routes URLs to index.php via its own internal logic.

Other files

File Notes
favicon.ico A zero-byte placeholder — included so browsers don't 404 on the implicit favicon fetch
robots.txt A two-line file (User-agent: * / Disallow:) — allows everything

What you should not put in public/

The framework expects public/ to contain only what the web server needs to serve directly. Application code stays in app/. Compiled Vite output (public/build/) is generated, and the public/storage symlink (created by php artisan storage:link) is generated. Both are gitignored. Don't commit hand-written assets here — put them in resources/ and let Vite compile them.

Entry points for modification

You will rarely edit anything in this directory. The two cases that come up:

  • Adjusting Apache rules for a hosting provider that strips a header you need. Add another RewriteCond / RewriteRule pair. Don't remove the existing ones.
  • Replacing the front controller's pre-bootstrap code is almost never the right answer. If you need to do something before the framework boots, prefer a service provider's register() method.

Key source files

File Purpose
public/index.php Records start time, checks maintenance, boots the framework, dispatches the request
public/.htaccess Apache rewrite rules that route every URL to index.php

See Bootstrap for what happens once index.php hands control to the framework.

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Public – Laravel wiki | Factory