1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
rails--rails/guides/source
Jose and Yehuda 56cdc81c08 Remove default match without specified method
In the current router DSL, using the +match+ DSL
method will match all verbs for the path to the
specified endpoint.

In the vast majority of cases, people are
currently using +match+ when they actually mean
+get+. This introduces security implications.

This commit disallows calling +match+ without
an HTTP verb constraint by default. To explicitly
match all verbs, this commit also adds a
:via => :all option to +match+.

Closes #5964
2012-04-24 22:52:26 -05:00
..
kindle
2_2_release_notes.textile
2_3_release_notes.textile
3_0_release_notes.textile
3_1_release_notes.textile
3_2_release_notes.textile Grammar fix in 3.2 Release Notes guide 2012-04-11 17:10:21 -03:00
_license.html.erb
_welcome.html.erb
action_controller_overview.textile rewords the section about default_url_options in the Action Controller Overview guide 2012-04-09 18:26:23 +02:00
action_mailer_basics.textile
action_view_overview.textile Remove unnecessary in HTML 5 type attribute with default value 2012-04-05 15:32:37 +04:00
active_model_basics.textile
active_record_basics.textile
active_record_querying.textile Fix typo where a table name in a join was singular. 2012-04-16 16:22:40 -07:00
active_record_validations_callbacks.textile
active_support_core_extensions.textile
active_support_instrumentation.textile
ajax_on_rails.textile
api_documentation_guidelines.textile restores example depicting the use of true or false in regular font 2012-03-25 20:26:35 +02:00
asset_pipeline.textile Revert "add instructions for adding additional manifests" 2012-04-11 22:39:36 +05:30
association_basics.textile
caching_with_rails.textile Fix slightly awkward English in Action Caching section of Caching With Rails guide. 2012-04-05 17:30:15 +08:00
command_line.textile document -e argument for rails console 2012-03-24 17:24:22 -05:00
configuring.textile Add to guides info how to disable prepared statements 2012-04-19 11:27:26 +04:00
contributing_to_ruby_on_rails.textile Fix 'Everyday Git' link 2012-04-06 14:50:45 +05:30
credits.html.erb
debugging_rails_applications.textile
documents.yaml
engines.textile Merge branch 'master' of github.com:lifo/docrails 2012-04-04 12:42:22 +05:30
form_helpers.textile removed extra "you" 2012-04-19 14:52:21 -05:00
generators.textile
getting_started.textile Add validation code to getting started guide and improve validation 2012-04-21 12:17:51 +02:00
i18n.textile Better class name 2012-04-06 10:04:26 +01:00
index.html.erb
initialization.textile Revert "[ci skip] updated bin/rails code in Rails Initialization Process guide" 2012-03-27 21:08:08 +05:30
layout.html.erb Revert "in feedback solicitation text, correct that docrails is fork, not branch" 2012-04-21 22:52:38 +05:30
layouts_and_rendering.textile Remove unnecessary in HTML 5 type attribute with default value 2012-04-05 15:32:37 +04:00
migrations.textile Add "Using the change method" title back to make it stand out 2012-04-19 10:50:40 +02:00
nested_model_forms.textile
performance_testing.textile
plugins.textile
rails_application_templates.textile
rails_on_rack.textile lets not show too much output and shadow the intention [ci skip] 2012-04-05 22:28:47 +05:30
routing.textile Remove default match without specified method 2012-04-24 22:52:26 -05:00
ruby_on_rails_guides_guidelines.textile Merge branch 'master' of github.com:lifo/docrails 2012-03-24 17:15:10 +05:30
security.textile Fixed markup in security guide 2012-04-12 12:20:12 -03:00
testing.textile :success includes the whole 200 range, not just 200. 2012-04-01 08:39:57 -05:00
upgrading_ruby_on_rails.textile Revert "rails 4 will support ruby version 1.9.4 or higher" 2012-04-04 12:19:29 +05:30