{"id":3265,"date":"2009-11-21T01:14:41","date_gmt":"2009-11-20T17:14:41","guid":{"rendered":"http:\/\/ihower.tw\/blog\/?p=3265"},"modified":"2009-11-21T02:12:18","modified_gmt":"2009-11-20T18:12:18","slug":"why-not-use-default-route","status":"publish","type":"post","link":"https:\/\/ihower.tw\/blog\/3265-why-not-use-default-route","title":{"rendered":"Why &#8220;Not use default route&#8221;?"},"content":{"rendered":"<p>In my <a href=\"http:\/\/ihower.tw\/blog\/archives\/3075\">Rails Best Practices<\/a> slides I only give the code, without any explanation (unless you heard my talk :p), so let me explain here.<\/p>\n<p>My point is: &#8220;If you use RESTful design, you should NOT keep the default route.&#8221; Why?<\/p>\n<p>For example:<\/p>\n<p><code><br \/>\n   map.resources :users<br \/>\n   map.connect ':controller\/:action\/:id'<br \/>\n   map.connect ':controller\/:action\/:id.:format'<br \/>\n<\/code><\/p>\n<p>You expect that only &#8220;PUT \/users\/1&#8221; will update user data, but because the default route is still there, &#8220;GET \/users\/update\/1?user[email]=foobar@example.org&#8221; works as well! The default route has no HTTP verb constraint, so it exposes every public action of every controller at \/controller\/action\/id, reachable by a plain GET.<\/p>\n<p>In the same way, &#8220;GET \/users\/create&#8221; and &#8220;GET \/users\/destroy\/1&#8221; work too! 
Even worse, these GET requests create\/update\/destroy data without any request forgery protection: Rails does not check the <a href=\"http:\/\/en.wikipedia.org\/wiki\/Cross-site_request_forgery\">CSRF<\/a> token for HTTP GET, so a link or image tag on another site is enough to trigger them with the victim's session.<\/p>\n<p>Conclusion: Remove the default route; use purely resource-based routes, plus named routes for the special cases.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In my Rails Best Practices slides, I only give simple c &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/ihower.tw\/blog\/3265-why-not-use-default-route\" class=\"more-link\">Read the full article<span class=\"screen-reader-text\">\u3008Why &#8220;Not use default route&#8221;?\u3009<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[53,40],"tags":[],"class_list":["post-3265","post","type-post","status-publish","format-standard","hentry","category-rails","category-security","entry"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1q6tG-QF","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/ihower.tw\/blog\/wp-json\/wp\/v2\/posts\/3265","targetHints":{"allow":["GET"]}}],"collection":[{"h
ref":"https:\/\/ihower.tw\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ihower.tw\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ihower.tw\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ihower.tw\/blog\/wp-json\/wp\/v2\/comments?post=3265"}],"version-history":[{"count":29,"href":"https:\/\/ihower.tw\/blog\/wp-json\/wp\/v2\/posts\/3265\/revisions"}],"predecessor-version":[{"id":3296,"href":"https:\/\/ihower.tw\/blog\/wp-json\/wp\/v2\/posts\/3265\/revisions\/3296"}],"wp:attachment":[{"href":"https:\/\/ihower.tw\/blog\/wp-json\/wp\/v2\/media?parent=3265"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ihower.tw\/blog\/wp-json\/wp\/v2\/categories?post=3265"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ihower.tw\/blog\/wp-json\/wp\/v2\/tags?post=3265"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
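The following is an added example, not code from the post above and not Rails' own router: a small pure-Ruby model of how a Rails 2.x application recognizes a request against `map.resources :users` with and without the `:controller/:action/:id` default route, and of the fact that `protect_from_forgery` compares the authenticity token only for non-GET requests. The `Route`, `recognize`, `verified_request?` and `dispatch` definitions are a simplified simulation written for this example (Rails 2.3 additionally exempts XHR and non-HTML formats from the token check, which is left out here); the request parameters and the session token `tok-from-session` are constructed inputs.

```ruby
# Added example: a simplified model of Rails 2.x route recognition and of
# protect_from_forgery. Not Rails code; written to illustrate the post.

# One route: an optional HTTP verb constraint plus a path pattern whose
# ':name' segments capture parameters.
class Route
  def initialize(pattern, verb = nil, defaults = {})
    @segments = pattern.split('/').reject(&:empty?)
    @verb = verb
    @defaults = defaults
  end

  # Returns the params hash on a match, nil otherwise.
  def match(verb, path)
    return nil if @verb && @verb != verb
    parts = path.split('/').reject(&:empty?)
    return nil unless parts.length == @segments.length
    params = @defaults.dup
    @segments.zip(parts).each do |seg, part|
      if seg.start_with?(':')
        params[seg[1..-1].to_sym] = part
      elsif seg != part
        return nil
      end
    end
    params
  end
end

# The seven routes "map.resources :users" generates, each bound to a verb.
def resource_routes(name)
  [
    Route.new("/#{name}",          'GET',    { controller: name, action: 'index' }),
    Route.new("/#{name}/new",      'GET',    { controller: name, action: 'new' }),
    Route.new("/#{name}",          'POST',   { controller: name, action: 'create' }),
    Route.new("/#{name}/:id",      'GET',    { controller: name, action: 'show' }),
    Route.new("/#{name}/:id/edit", 'GET',    { controller: name, action: 'edit' }),
    Route.new("/#{name}/:id",      'PUT',    { controller: name, action: 'update' }),
    Route.new("/#{name}/:id",      'DELETE', { controller: name, action: 'destroy' })
  ]
end

# "map.connect ':controller/:action/:id'": no verb constraint at all.
DEFAULT_ROUTE = Route.new('/:controller/:action/:id')

RESTFUL_ONLY = resource_routes('users')
WITH_DEFAULT = resource_routes('users') + [DEFAULT_ROUTE]

# First matching route wins, as in Rails.
def recognize(routes, verb, path)
  routes.each do |route|
    params = route.match(verb, path)
    return params if params
  end
  nil
end

# Model of protect_from_forgery: the token is only compared for non-GET
# requests, so a GET is always "verified".
def verified_request?(verb, params, session_token)
  verb == 'GET' || params[:authenticity_token] == session_token
end

# Route the request, run the forgery check, report what would execute.
def dispatch(routes, verb, path, params = {}, session_token = 'tok-from-session')
  route_params = recognize(routes, verb, path)
  return { status: 404 } unless route_params
  unless verified_request?(verb, params, session_token)
    return { status: 422, error: 'ActionController::InvalidAuthenticityToken' }
  end
  { status: 200, controller: route_params[:controller],
    action: route_params[:action], id: route_params[:id] }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed request: a forged cross-site GET (e.g. an <img src=...>)
  # carries the victim's cookies but no authenticity token.
  forged = { user: { email: 'foobar@example.org' } }

  p dispatch(WITH_DEFAULT, 'GET', '/users/update/1', forged)   # status 200, action "update"
  p dispatch(WITH_DEFAULT, 'GET', '/users/destroy/1')          # status 200, action "destroy"
  p dispatch(RESTFUL_ONLY, 'GET', '/users/update/1', forged)   # status 404
  p dispatch(RESTFUL_ONLY, 'PUT', '/users/1', forged)          # status 422, token missing
  p dispatch(RESTFUL_ONLY, 'PUT', '/users/1',
             forged.merge(authenticity_token: 'tok-from-session'))  # status 200, action "update"
end
```

With the default route present, `GET /users/update/1` and `GET /users/destroy/1` are dispatched straight to `update` and `destroy`, and the forgery check never fires because the verb is GET. With only the resource routes, the same paths are unroutable (404), and the remaining way to reach `update` is a PUT, which fails with `InvalidAuthenticityToken` unless the token from the session is supplied.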