mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
56cdc81c08
In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964 |
||
---|---|---|
.. | ||
abstract | ||
activerecord | ||
assertions | ||
controller | ||
dispatch | ||
fixtures | ||
lib/controller | ||
routing | ||
template | ||
tmp | ||
abstract_unit.rb | ||
active_record_unit.rb | ||
ts_isolated.rb |