kotovalexarian-likes-github/rails--rails

Fork 0

mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Commit graph

Author	SHA1	Message	Date
Jose and Yehuda	56cdc81c08	Remove default match without specified method In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964	2012-04-24 22:52:26 -05:00
Carlos Antonio da Silva	71566c3573	Remove rescue_action from compatibility module and tests	2012-01-17 10:04:37 -02:00
Brian Durand	2b04c2f66e	Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache.	2011-10-21 13:13:29 -05:00

Author

SHA1

Message

Date

Jose and Yehuda

56cdc81c08

Remove default match without specified method

In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.

In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.

This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.

Closes #5964

2012-04-24 22:52:26 -05:00

Carlos Antonio da Silva

71566c3573

Remove rescue_action from compatibility module and tests

2012-01-17 10:04:37 -02:00

Brian Durand

2b04c2f66e

Add ActionDispatch::Session::CacheStore as a generic way of storing sessions in a cache.

2011-10-21 13:13:29 -05:00

3 commits