How to only allow POST Requests in Rails?
Question
How do I prevent users from calling a method "doAction" in my controller using GET requests? I only want it to be called using POST requests?
I heard I need to use "verify" but I'm unsure where to put that code, or how I need to use it.
2 answers
solution1
8 ACCPTED 2011-08-20 03:29:06
You can specify which methods are allowed for any action in your routes.rb .
Rails 2:
map.connect '/posts/doAction', :controller => 'posts,
:action => 'doAction',
:conditions => { :method => :post }
Rails 3:
match 'posts/doAction' => "posts#doAction', :via => :post
post 'posts/doAction', :to => "posts#doAction'
solution2
4 2011-08-20 03:28:14
You can add a constraint to the route in routes.rb .
match "/doAction" => "controller#doAction", :via => :post
Refer to http://guides.rubyonrails.org/routing.html for more.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How to allow only the author of a post edit or delete it in Ruby on Rails?
How to handle or prevent “Only post requests are allowed” error in Ruby on Rails?
In ruby on rails How to allow users to Create a post only Sunday(one day) rest of the weekday make create post not allow
Rails RESTful API + support for clients that only allow GET/POST - Is it possible?
Reference a Rails route which only accepts post requests?
Rails - How to - Allow login only if a boolean is present
Rails POST requests
How do I edit .htaccess to allow both rails and wordpress requests?
Rails: How to only allow User to apply to job only once?
How can I send POST requests in a secure manner to a Rails application?
Related Tags