mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Get request should not write to database note added. [skip ci]

Deepender Singla 2014-07-29 22:48:50 +05:30
parent da1b8a786c
commit 3d42330048


@ -645,6 +645,8 @@ match 'photos', to: 'photos#show', via: :all
NOTE: Routing both `GET` and `POST` requests to a single action has security implications. In general, you should avoid routing all verbs to an action unless you have a good reason to.
NOTE: 'GET' in Rails doesn't check for CSRF token. You should never write to the database from 'GET' requests, for more information see the [security guide] (security.html#csrf-countermeasures) on CSRF countermeasures.
### Segment Constraints
You can use the `:constraints` option to enforce a format for a dynamic segment:
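Review bot: The link in the added NOTE, `[security guide] (security.html#csrf-countermeasures)`, has a space between `]` and `(`, so it will not render as a Markdown link; remove the space. The same line writes the verb as 'GET' in single quotes, while the NOTE directly above it uses backticks (`GET`), so use backticks for consistency. The comma before "for more information" joins two sentences; split them, for example "You should never write to the database from `GET` requests. For more information, see the [security guide](security.html#csrf-countermeasures) on CSRF countermeasures."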