From 3d4233004814ccc183436df604bef563bfad21a1 Mon Sep 17 00:00:00 2001
From: Deepender Singla <deependersingla@Deependers-MacBook-Pro.local>
Date: Tue, 29 Jul 2014 22:48:50 +0530
Subject: Get request should not write to database note added. [skip ci]

---
 guides/source/routing.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/guides/source/routing.md b/guides/source/routing.md
index 7a7334f25b..c56be7cc12 100644
--- a/guides/source/routing.md
+++ b/guides/source/routing.md
@@ -645,6 +645,8 @@ match 'photos', to: 'photos#show', via: :all
 
 NOTE: Routing both `GET` and `POST` requests to a single action has security implications. In general, you should avoid routing all verbs to an action unless you have a good reason to.
 
+NOTE: 'GET' in Rails doesn't check for CSRF token. You should never write to the database from 'GET' requests, for more information see the [security guide] (security.html#csrf-countermeasures) on CSRF countermeasures.
+
 ### Segment Constraints
 
 You can use the `:constraints` option to enforce a format for a dynamic segment:
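
Review bot: The link in the added NOTE, `[security guide] (security.html#csrf-countermeasures)`, has a space between the closing bracket and the opening parenthesis, so it will not render as a Markdown link; remove the space. The same line quotes the verb as 'GET' while the NOTE directly above it uses backticks (`GET` and `POST`), so switch to backticks for consistency. "doesn't check for CSRF token" needs an article ("a CSRF token"), and the comma before "for more information" joins two sentences and should be a full stop. Since the NOTE above already warns about routing `GET` and `POST` to one action, consider merging the two notes or stating how this one relates to `via: :all`, so the reader sees why it sits in this section.
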
-- 
cgit v1.2.3