mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Get request should not write to database note added. [skip ci]
parent
da1b8a786c
commit
3d42330048
1 changed files with 2 additions and 0 deletions
|
@ -645,6 +645,8 @@ match 'photos', to: 'photos#show', via: :all
|
|||
|
||||
NOTE: Routing both `GET` and `POST` requests to a single action has security implications. In general, you should avoid routing all verbs to an action unless you have a good reason to.
|
||||
|
||||
NOTE: 'GET' in Rails doesn't check for CSRF token. You should never write to the database from 'GET' requests, for more information see the [security guide] (security.html#csrf-countermeasures) on CSRF countermeasures.
|
||||
|
||||
### Segment Constraints
|
||||
|
||||
You can use the `:constraints` option to enforce a format for a dynamic segment:
|
||||
|
|
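Review bot: The link in the added NOTE will not render as a link, because there is a space between `[security guide]` and `(security.html#csrf-countermeasures)`; remove the space. The same line quotes the verb as 'GET' with single quotes, while the NOTE directly above it writes `GET` in backticks, so use backticks here too. The sentence also joins two thoughts with a comma and drops the article before "CSRF token"; something like "NOTE: Rails does not check the CSRF token on `GET` requests. You should never write to the database from a `GET` request; see the [security guide](security.html#csrf-countermeasures) for more on CSRF countermeasures." reads more cleanly and keeps the same advice.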