
Following this question, I'd like to know if there is a way to override that new Rails behaviour. I ran into a security issue with a forgotten view that was suddenly exposed although the action was not defined in my controller. I think it'd be better to stop Rails from rendering those not-defined actions and clean up my unused views after that.

dgilperez

1 Answer

Change your routes for that controller to not route to those actions.

resources :users, :except => [:index, :destroy]
resources :sessions, :only => [:new, :create, :destroy]

Those routes will become non-routable even if the views exist; you can then deal with the views as needed.

nmott
  • Thanks! That's really a workaround, but it would imply checking all the routes, which in a big project can be a decent amount of work. I was wondering if this behaviour could be switched off with configuration... – dgilperez Jan 17 '12 at 14:35
  • @dgilperez, Fair enough. Unfortunately I don't have the answer to that one up my sleeve. Good luck with it. – nmott Jan 18 '12 at 10:10
  • Just checking old questions, I ended up thinking this was the way to go. Marking as answered, better late than never :) – dgilperez Jan 27 '15 at 14:58
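
For the concern raised in the comments about checking a large project by hand, here is an added example (not code from the question or the answer): a plain-Ruby audit that lists templates with no matching action defined in their controller, so the corresponding routes can be restricted with `:only`/`:except` or the views deleted. The function names, the standard `app/views` and `app/controllers` layout, and the sample app it builds are assumptions made for illustration.

```ruby
require "tmpdir"
require "fileutils"

# Heuristic static audit: list non-partial templates under app/views that have
# no same-named `def` in the matching controller file. These are the templates
# implicit rendering can expose if a route still points at the action.
# Limits: actions inherited from a parent class or defined by metaprogramming
# are not seen, so confirm each hit against the output of `rake routes`.
def orphan_views(app_root)
  views_root = File.join(app_root, "app", "views")
  hits = []
  Dir.glob(File.join(views_root, "**", "*.*")).sort.each do |path|
    next unless File.file?(path)
    dir, file = File.split(path.delete_prefix(views_root + "/"))
    # Skip partials, top-level files and layouts: none of them map to actions.
    next if file.start_with?("_") || dir == "." || dir.split("/").first == "layouts"
    action = file[/\A[^.]+/]
    controller = File.join(app_root, "app", "controllers", "#{dir}_controller.rb")
    next unless File.file?(controller) # e.g. mailer views have no controller
    defined = File.read(controller).scan(/^\s*def\s+([a-z_]\w*[?!]?)/).flatten
    hits << "#{dir}##{action}" unless defined.include?(action)
  end
  hits.uniq
end

# Constructed sample app (not from the page): users has a leftover index view.
def build_sample_app(root)
  files = {
    "app/controllers/users_controller.rb" =>
      "class UsersController < ApplicationController\n  def show; end\n  def new; end\nend\n",
    "app/views/users/show.html.erb" => "",
    "app/views/users/new.html.erb" => "",
    "app/views/users/index.html.erb" => "",  # forgotten view, no action defined
    "app/views/users/_form.html.erb" => "",  # partial, ignored
    "app/views/layouts/application.html.erb" => ""
  }
  files.each do |rel, body|
    path = File.join(root, rel)
    FileUtils.mkdir_p(File.dirname(path))
    File.write(path, body)
  end
  root
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir { |dir| puts orphan_views(build_sample_app(dir)) }
end
```

Each reported `controller#action` pair is a candidate only; whether it is reachable still depends on a route pointing at it.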