# Configuration

# Publish the config

php artisan vendor:publish --tag=media-library-config

The configuration file will be placed in config/media-library.php

# Api Path

Allow the endpoint path in config/cors.php. The default is media-library.

'paths' => [..., 'media-library/*'],

# Cors

# Namespace

For namespacing uploads and access, the package allows providing a namespace at a request level. Useful for multi-vendor or applications with strict upload content ownership.

For multi-vendor, feel free to add a gateway middleware in route.middleware to verify your users' namespace.

Allow the Namespace header in config/cors.php:

'allowed_headers' => [

# Middleware

Guard your upload and mutation endpoints to only allow admin access.

This guards the protected file access routes, browsing and file/folder update endpoints.

'route' => [
    'middleware' => [
        'media.protected' => [

To further protect other routes, define the values for each route name.

See all routes.