kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity
rails--rails/railties/test/application/middleware
History
Jose and Yehuda 56cdc81c08 Remove default match without specified method 
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.

In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.

This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.

Closes #5964
2012-04-24 22:52:26 -05:00
..
best_practices_test.rb convert railties to use AS::TestCase 2012-01-05 17:30:17 -08:00
cache_test.rb Remove default match without specified method 2012-04-24 22:52:26 -05:00
cookies_test.rb convert railties to use AS::TestCase 2012-01-05 17:30:17 -08:00
exceptions_test.rb Remove default match without specified method 2012-04-24 22:52:26 -05:00
remote_ip_test.rb convert railties to use AS::TestCase 2012-01-05 17:30:17 -08:00
sendfile_test.rb Handle files from ActionDispatch::Static with Rack::Sendfile (fixes #5225) 2012-03-03 20:46:56 +01:00
session_test.rb config.force_ssl should mark the session as secure. 2012-01-13 19:54:37 +01:00