use :only instead of :except callback option in the controller template

As [Security Guide](http://edgeguides.rubyonrails.org/security.html#whitelists-versus-blacklists)
says, it's better to use `before_filter only: []` instead of `except: []`
so we don't forget to turn the filter off for newly added actions.
commit a3c29b70a9ec6696e76ba5a6e5ef856d31b3a427 1 parent 69163cc
@frodsan frodsan authored
5 railties/lib/rails/generators/rails/scaffold_controller/templates/controller.rb
@@ -4,8 +4,8 @@
<% end -%>
<% module_namespacing do -%>
class <%= controller_class_name %>Controller < ApplicationController
- before_action :set_<%= singular_table_name %>, except: [ :index, :new, :create ]
-
+ before_action :set_<%= singular_table_name %>, only: [ :show, :edit, :update, :destroy ]
+
# GET <%= route_url %>
# GET <%= route_url %>.json
def index
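Review bot: with `only: [ :show, :edit, :update, :destroy ]` on the `before_action` line, an action added to a generated controller later will not run `set_<%= singular_table_name %>` unless the developer also adds it to this list, whereas the old `except:` form ran the callback for new actions by default. That is reasonable for a pure record loader, but the comment above the method in this template says the callback can also carry "constraints between actions"; consider a template comment stating that access checks belong in a separate callback declared with `except:`, so new actions are covered by default. The blank line after `before_action` is removed and re-added, which looks like a whitespace-only change; check that the added line carries no trailing whitespace.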
@@ -82,7 +82,6 @@ def destroy
end
end
-
private
# Use callbacks to share common setup or constraints between actions.
def set_<%= singular_table_name %>
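Review bot: the blank line dropped before `private` is unrelated to the `only:`/`except:` change the commit message describes and is not mentioned there. If it is the only separator between the preceding `end` and `private` in generated controllers, leave it in; otherwise mention the whitespace cleanup in the commit message or move it to its own commit.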