Say I have a destroy action configured as the following
map.foo ‘/foos/:id’, :controller => ‘foos’, :action => ‘show’,
:conditions => { :method => :get }
map.foo ‘/foos/:id’, :controller => ‘foos’, :action => ‘destroy’,
:conditions => { :method => :delete }
Get on foos/:id goes to show and delete on foos/:id goes to destroy.
Nice and restful so all good so far.
But now say if i have the following default route in my routes.rb
map.connect ‘:controller/:action/:id’
Now someone can explicitly type in the url http://…/foos/destroy/123
and it will go to my destroy action in controller foos although this
action should only be accessed by a POST/DELETE not a GET.
Is there anyway to prevent a get on that action other than checking
within the controller itself?
def destroy
return home_url unless method.delete?
…
end
Thanks!