Laravel - Authentication - Password Confirmation Protecting Routes

You should ensure that any route that performs an action which requires recent password confirmation is assigned the password.confirm middleware. This middleware is included with the default installation of Laravel and will automatically store the user's intended destination in the session so that the user may be redirected to that location after confirming their password. After storing the user's intended destination in the session, the middleware will redirect the user to the password.confirm named route:

    
    Route::get('/settings', function () {
        // ...
    })->middleware(['password.confirm']);
    
    Route::post('/settings', function () {
        // ...
    })->middleware(['password.confirm']);