[英]How to only allow POST Requests in Rails?
How do I prevent users from calling a method "doAction" in my controller using GET requests? 如何阻止用户使用GET请求在我的控制器中调用方法“doAction”? I only want it to be called using POST requests? 我只想用POST请求调用它?
I heard I need to use "verify" but I'm unsure where to put that code, or how I need to use it. 我听说我需要使用“验证”,但我不确定在哪里放置代码,或者我需要如何使用它。
You can specify which methods are allowed for any action in your routes.rb
. 您可以指定routes.rb
任何操作允许的方法。
Rails 2: Rails 2:
map.connect '/posts/doAction', :controller => 'posts,
:action => 'doAction',
:conditions => { :method => :post }
Rails 3: Rails 3:
match 'posts/doAction' => "posts#doAction', :via => :post
post 'posts/doAction', :to => "posts#doAction'
You can add a constraint to the route in routes.rb
. 您可以在routes.rb
为路径添加约束。
match "/doAction" => "controller#doAction", :via => :post
Refer to http://guides.rubyonrails.org/routing.html for more. 有关更多信息,请参阅http://guides.rubyonrails.org/routing.html 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.