laravel/laravel
Public
Active contributors: Taylor Otwell
Purpose
public/ is the document root that web servers expose to the internet. It contains the single PHP front controller that bootstraps the framework, plus the rewrite rules Apache needs to send every URL to that controller.
Directory layout
public/
├── .htaccess # Apache rewrite rules (40 lines)
├── favicon.ico # Empty placeholder
├── index.php # Front controller (24 lines)
└── robots.txt # User-agent: * Disallow:How index.php works
The whole front controller is reproduced below, because it's small enough to read in one go and explains the entire request entry path:
<?php
use Illuminate\Foundation\Application;
use Illuminate\Http\Request;
define('LARAVEL_START', microtime(true));
// Determine if the application is in maintenance mode...
if (file_exists($maintenance = __DIR__.'/../storage/framework/maintenance.php')) {
require $maintenance;
}
// Register the Composer autoloader...
require __DIR__.'/../vendor/autoload.php';
// Bootstrap Laravel and handle the request...
/** @var Application $app */
$app = require_once __DIR__.'/../bootstrap/app.php';
$app->handleRequest(Request::capture());Four things happen, in order:
LARAVEL_START— a microsecond-precision timestamp is recorded. Tools like Laravel Debugbar, Telescope, and Pulse use this to compute total request time.- Maintenance check — if
php artisan downwas called, the framework drops a script atstorage/framework/maintenance.php. Loading it short-circuits the rest of the request and returns a 503. - Composer autoload — pulls in every dependency (the framework itself, your
App\namespace, etc.) via PSR-4. - Bootstrap and dispatch —
require_oncereturns the configuredIlluminate\Foundation\Applicationfrombootstrap/app.php(see Bootstrap).handleRequest()runs the full middleware stack and emits the response.
How .htaccess works
.htaccess is read by Apache when the request hits the document root. The rules:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Handle X-XSRF-Token Header
RewriteCond %{HTTP:x-xsrf-token} .
RewriteRule .* - [E=HTTP_X_XSRF_TOKEN:%{HTTP:X-XSRF-Token}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>Four sections:
| Section | Effect |
|---|---|
Options -MultiViews -Indexes |
Disables Apache directory listings and content negotiation |
| Authorization rewrite | Some FastCGI setups strip Authorization; the env-var copy lets PHP read the header reliably |
X-XSRF-Token rewrite |
Same idea for the CSRF header used by Laravel-aware JS clients |
| Trailing-slash 301 | Redirects /foo/ to /foo (only when /foo/ isn't an actual directory) |
| Front controller fallback | Anything that isn't a real file or directory becomes /index.php?... |
On other web servers
The .htaccess is Apache-specific. On nginx you'd put the equivalent into a server block (try_files $uri /index.php?$query_string;). The skeleton does not ship an nginx config — Laravel's docs cover one for Forge and Sail deployments. The PHP built-in server (php artisan serve) doesn't read .htaccess either; it routes URLs to index.php via its own internal logic.
Other files
| File | Notes |
|---|---|
favicon.ico |
A zero-byte placeholder — included so browsers don't 404 on the implicit favicon fetch |
robots.txt |
A two-line file (User-agent: * / Disallow:) — allows everything |
What you should not put in public/
The framework expects public/ to contain only what the web server needs to serve directly. Application code stays in app/. Compiled Vite output (public/build/) is generated, and the public/storage symlink (created by php artisan storage:link) is generated. Both are gitignored. Don't commit hand-written assets here — put them in resources/ and let Vite compile them.
Entry points for modification
You will rarely edit anything in this directory. The two cases that come up:
- Adjusting Apache rules for a hosting provider that strips a header you need. Add another
RewriteCond/RewriteRulepair. Don't remove the existing ones. - Replacing the front controller's pre-bootstrap code is almost never the right answer. If you need to do something before the framework boots, prefer a service provider's
register()method.
Key source files
| File | Purpose |
|---|---|
public/index.php |
Records start time, checks maintenance, boots the framework, dispatches the request |
public/.htaccess |
Apache rewrite rules that route every URL to index.php |
See Bootstrap for what happens once index.php hands control to the framework.
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.