Please sign in to comment.
use :only instead of :except callback option in the controller template
As [Security Guide](http://edgeguides.rubyonrails.org/security.html#whitelists-versus-blacklists) says, it's better to use `before_filter only: ` instead of `except: ` so we don't forget to turn the filter off for newly added actions.
- Loading branch information...
Showing with 2 additions and 3 deletions.