You at least want to allow what's in the HTTP spec -- that's HEAD, TRACE, OPTIONS, and CONNECT, on top of the GET/POST/PUT/DELETE.
-- Eric On Fri, May 23, 2008 at 7:21 PM, Brendan Taylor <[EMAIL PROTECTED]> wrote: > On Fri, May 23, 2008 at 04:20:21PM +1000, Bluebie, Jenna wrote: >> This should help. include Camping::ControllerSecurity in your controllers >> module or your Camping (or whatever Camping.goes has turned it in to) >> module, after requiring this: >> >>> module Camping >>> module ControllerSecurity >>> def service(*a) >>> @method = 'get' unless ['get', 'post', 'delete', >>> 'head'].include?(@method.to_s.downcase) >>> super(*a) >>> end >>> end >>> end >> >> >> And the world should feel safe again, I think. I haven't really tested it >> properly, but what could go wrong? It certainly isn't making my app break. > > You missed PUT :) > > I can imagine situations where you'd want to be able to use more > esoteric HTTP methods (like OPTIONS, or any of WebDAV's many extension > methods). I don't have a better solution though, and this may be Good > Enoughâ„¢. > > _______________________________________________ > Camping-list mailing list > Camping-list@rubyforge.org > http://rubyforge.org/mailman/listinfo/camping-list > _______________________________________________ Camping-list mailing list Camping-list@rubyforge.org http://rubyforge.org/mailman/listinfo/camping-list
