Hi, I'm kind of new to rails, but I'm pretty sure it is suggested that you remove those defaults, and only create routes explicitly.
Thanks, Brandon > -----Original Message----- > From: [email protected] [mailto:rubyonrails- > [email protected]] On Behalf Of Rails Dude > Sent: Sunday, March 15, 2009 12:25 PM > To: [email protected] > Subject: [Rails] Question on routes and default routes > > > Say I have a destroy action configured as the following > > map.foo '/foos/:id', :controller => 'foos', :action => 'show', > :conditions => { :method => :get } > map.foo '/foos/:id', :controller => 'foos', :action => 'destroy', > :conditions => { :method => :delete } > > Get on foos/:id goes to show and delete on foos/:id goes to destroy. > Nice and restful so all good so far. > > But now say if i have the following default route in my routes.rb > > map.connect ':controller/:action/:id' > > Now someone can explicitly type in the url http://.../foos/destroy/123 > and it will go to my destroy action in controller foos although this > action should only be accessed by a POST/DELETE not a GET. > > Is there anyway to prevent a get on that action other than checking > within the controller itself? > > def destroy > return home_url unless method.delete? > ... > end > > Thanks! > -- > Posted via http://www.ruby-forum.com/. > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
