From feb08984ea5517db5780a88584929feac1cafb59 Mon Sep 17 00:00:00 2001
From: Clemens Kofler <clemens@railway.at>
Date: Wed, 9 Jul 2008 21:41:03 +0200
Subject: Added notes to Routing documentation and routes.rb regarding defaults
 routes opening the whole application for GET requests

Signed-off-by: Michael Koziarski <michael@koziarski.com>
---
 actionpack/lib/action_controller/routing.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'actionpack/lib')

diff --git a/actionpack/lib/action_controller/routing.rb b/actionpack/lib/action_controller/routing.rb
index 8846dcc504..dfbaa53b7c 100644
--- a/actionpack/lib/action_controller/routing.rb
+++ b/actionpack/lib/action_controller/routing.rb
@@ -88,6 +88,10 @@ module ActionController
   #
   #   map.connect ':controller/:action/:id', :action => 'show', :defaults => { :page => 'Dashboard' }
   #
+  # Note: The default routes, as provided by the Rails generator, make all actions in every
+  # controller accessible via GET requests. You should consider removing them or commenting
+  # them out if you're using named routes and resources.
+  #
   # == Named routes
   #
   # Routes can be named with the syntax <tt>map.name_of_route options</tt>,
-- 
cgit v1.2.3