Permalink
Browse files

Added notes to Routing documentation and routes.rb regarding defaults…

… routes opening the whole application for GET requests

Signed-off-by: Michael Koziarski <michael@koziarski.com>
  • Loading branch information...
1 parent c6a4c17 commit 6e58a254942eb6d7b508452bb7b5b418607dc272 @clemens clemens committed with NZKoz Jul 9, 2008
Showing with 6 additions and 0 deletions.
  1. +4 −0 actionpack/lib/action_controller/routing.rb
  2. +2 −0 railties/configs/routes.rb
@@ -88,6 +88,10 @@ module ActionController
#
# map.connect ':controller/:action/:id', :action => 'show', :defaults => { :page => 'Dashboard' }
#
+ # Note: The default routes, as provided by the Rails generator, make all actions in every
+ # controller accessible via GET requests. You should consider removing them or commenting
+ # them out if you're using named routes and resources.
+ #
# == Named routes
#
# Routes can be named with the syntax <tt>map.name_of_route options</tt>,
@@ -36,6 +36,8 @@
# See how all your routes lay out with "rake routes"
# Install the default routes as the lowest priority.
+ # Note: These default routes make all actions in every controller accessible via GET requests. You should
+ # consider removing the them or commenting them out if you're using named routes and resources.
map.connect ':controller/:action/:id'
map.connect ':controller/:action/:id.:format'
end

0 comments on commit 6e58a25

Please sign in to comment.