Re: An issue for consideration

2008-05-27 Thread Aria Stewart
On May 23, 2008, at 5:21 PM, Brendan Taylor wrote: You missed PUT :) I can imagine situations where you'd want to be able to use more esoteric HTTP methods (like OPTIONS, or any of WebDAV's many extension methods). I don't have a better solution though, and this may be Good Enough™. Indeed.

Re: An issue for consideration

2008-05-23 Thread Eric Mill
You at least want to allow what's in the HTTP spec -- that's HEAD, TRACE, OPTIONS, and CONNECT, on top of the GET/POST/PUT/DELETE. -- Eric On Fri, May 23, 2008 at 7:21 PM, Brendan Taylor <[EMAIL PROTECTED]> wrote: > On Fri, May 23, 2008 at 04:20:21PM +1000, Bluebie, Jenna wrote: >> This should he

Re: An issue for consideration

2008-05-23 Thread Brendan Taylor
On Fri, May 23, 2008 at 04:20:21PM +1000, Bluebie, Jenna wrote: > This should help. include Camping::ControllerSecurity in your controllers > module or your Camping (or whatever Camping.goes has turned it in to) > module, after requiring this: > >> module Camping >> module ControllerSecurity >>

Re: An issue for consideration

2008-05-23 Thread _why
On Fri, May 23, 2008 at 12:16:15PM +0200, Magnus Holm wrote: > Do you think we should add a protection inside Camping too? No, if Rack comes with Rack::Lint and Camping now depends on Rack, then it'd be redundant to have it in Camping as well, you know? _why

Re: An issue for consideration

2008-05-23 Thread Aria Stewart
On May 22, 2008, at 10:46 PM, Bluebie, Jenna wrote: We've just come across an issue for consideration. I am avoiding some words which would allow people to find this message in an internet search who have questionable intentions, but wish to communicate a strong sense of caution. Consider

Re: An issue for consideration

2008-05-23 Thread Bluebie, Jenna
Yeah I think it'd be good, or if not just make it not work on helper methods, just class methods in the controller, then it wouldn't be so nasty and unexpected. It's good to hear I'm safe behind apache. On 23/05/2008, at 8:16 PM, Magnus Holm wrote: Good find! 1. If you run that on a real

Re: An issue for consideration

2008-05-23 Thread Magnus Holm
Good find! 1. If you run that on a real HTTP server (Apache, Nginx etc.) it will just ignore it. Remember that Mongrel/Thin should be served behind a proxy and are "lazy" about checking valid request. 2. A cool thing with the Rack-rewrite is that you can use Rack::Lint to validate the requ

Re: An issue for consideration

2008-05-22 Thread Bluebie, Jenna
This should help. include Camping::ControllerSecurity in your controllers module or your Camping (or whatever Camping.goes has turned it in to) module, after requiring this: module Camping module ControllerSecurity def service(*a) @method = 'get' unless ['get', 'post', 'delete',