How do I prevent users from calling a method "doAction" in my controller using GET requests? I only want it to be called using POST requests?
I heard I need to use "verify" but I'm unsure where to put that code, or how I need to use it.
You can specify which methods are allowed for any action in your routes.rb
.
Rails 2:
map.connect '/posts/doAction', :controller => 'posts,
:action => 'doAction',
:conditions => { :method => :post }
Rails 3:
match 'posts/doAction' => "posts#doAction', :via => :post
post 'posts/doAction', :to => "posts#doAction'
You can add a constraint to the route in routes.rb
.
match "/doAction" => "controller#doAction", :via => :post
Refer to http://guides.rubyonrails.org/routing.html for more.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.