Menu
How do I prevent users from calling a method "doAction" in my controller using GET requests? I only want it to be called using POST requests?
I heard I need to use "verify" but I'm unsure where to put that code, or how I need to use it.
984
You can specify which methods are allowed for any action in your routes.rb.
Rails 2:
map.connect '/posts/doAction', :controller => 'posts,
:action => 'doAction',
:conditions => { :method => :post }
Rails 3:
match 'posts/doAction' => "posts#doAction', :via => :post
post 'posts/doAction', :to => "posts#doAction'
You can add a constraint to the route in routes.rb.
match "/doAction" => "controller#doAction", :via => :post
Refer to http://guides.rubyonrails.org/routing.html for more.
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
