mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
56cdc81c08
In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964 |
||
---|---|---|
.. | ||
middleware_stack | ||
request | ||
session | ||
callbacks_test.rb | ||
cookies_test.rb | ||
debug_exceptions_test.rb | ||
header_test.rb | ||
mapper_test.rb | ||
middleware_stack_test.rb | ||
mime_type_test.rb | ||
mount_test.rb | ||
prefix_generation_test.rb | ||
rack_cache_test.rb | ||
rack_test.rb | ||
reloader_test.rb | ||
request_id_test.rb | ||
request_test.rb | ||
response_test.rb | ||
routing_assertions_test.rb | ||
routing_test.rb | ||
show_exceptions_test.rb | ||
ssl_test.rb | ||
static_test.rb | ||
test_request_test.rb | ||
test_response_test.rb | ||
uploaded_file_test.rb | ||
url_generation_test.rb |