Does using the following bad practice expose your controller actions to CSRF attacks?
match ':controller(/:action(/:id))(.:format)'
Yes. Take a look at the verified_request? method here. It does not verify the token for GET requests.
You must specify the HTTP verb in your routes.
match "something" => "controller#action", :via => :post
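One way to check a routes file for the problem discussed above, as an added example that is not part of the original question or answer: it flags `match` rules whose actions stay reachable by GET, the verb for which the token is not verified. The helper names and the sample routes are constructed for illustration, and it assumes the Rails 3 style `match` syntax shown in the post.

```ruby
# Added example: flag `match` routes whose actions are reachable by GET,
# the verb for which verified_request? skips the token check.
READ_VERBS = %w[get head].freeze

# Verbs named by a :via option; nil when the route has no :via at all.
def via_verbs(line)
  m = line.match(/(?::via\s*=>|\bvia:)\s*(\[[^\]]*\]|:\w+)/)
  m && m[1].scan(/:(\w+)/).flatten.map(&:downcase)
end

# Returns [[line_number, reason], ...] for every risky `match` route.
def audit_routes(source)
  findings = source.each_line.with_index(1).map do |raw, number|
    line = raw.strip
    next unless line.match?(/\Amatch\b/) # comments and get/post helpers are skipped

    verbs = via_verbs(line)
    reason =
      if verbs.nil? || verbs.include?('all')
        'answers every verb, GET included'
      elsif (verbs & READ_VERBS).any? && (verbs - READ_VERBS).any?
        'same action reachable by GET and by a state-changing verb'
      end
    next unless reason

    reason += '; wildcard exposes every controller action' if line.include?(':controller')
    [number, reason]
  end
  findings.compact
end

# Constructed sample routes file (hypothetical, not from the original post).
SAMPLE_ROUTES = <<~'ROUTES'
  # config/routes.rb
  match ':controller(/:action(/:id))(.:format)'
  match "something" => "controller#action", :via => :post
  match "transfer" => "accounts#transfer", via: [:get, :post]
  match "legacy" => "legacy#run", :via => :all
  get "reports" => "reports#index"
ROUTES

audit_routes(SAMPLE_ROUTES).each { |number, reason| puts "line #{number}: #{reason}" }
```
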