Rails 5.1 路由:动态 :action 参数
Rails 5.1 Routes: dynamic :action parameters
Rails 5.0.0.beta4 在包含动态 :action 和 :controller 段的路由上引入了弃用警告:
DEPRECATION WARNING: Using a dynamic :action segment in a route is deprecated and will be removed in Rails 5.1.
The commit message from this PR 状态:
Allowing :controller and :action values to be specified via the path
in config/routes.rb has been an underlying cause of a number of issues
in Rails that have resulted in security releases. In light of this
it's better that controllers and actions are explicitly whitelisted
rather than trying to blacklist or sanitize 'bad' values.
您如何处理 "whitelisting" 一组操作参数?我的路由文件中有以下内容,它们引发了弃用警告:
namespace :integrations do
get 'stripe(/:action)', controller: 'stripe', as: "stripe"
post 'stripe/deactivate', controller: 'stripe', action: 'deactivate'
end
虽然有点麻烦,但最好的方法似乎是显式定义路由:
namespace :integrations do
namespace 'stripe' do
%w(auth webhook activate).each do |action|
get action, action: action
end
end
post 'stripe/deactivate', controller: 'stripe', action: 'deactivate'
end
它是这样工作的:
get 'stripe(/:action)', controller: 'stripe', action: :action, as: "stripe"
和你的情况不一样,但我是这样做的:
class PagesController < ApplicationController
def index
render params[:path]
end
end
路线:
get ':path', to: 'pages#index'
我想如果我想要嵌套路径,我会使用 *:
get '*path', to: 'pages#index'
Rails 5.0.0.beta4 在包含动态 :action 和 :controller 段的路由上引入了弃用警告:
DEPRECATION WARNING: Using a dynamic :action segment in a route is deprecated and will be removed in Rails 5.1.
The commit message from this PR 状态:
Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
您如何处理 "whitelisting" 一组操作参数?我的路由文件中有以下内容,它们引发了弃用警告:
namespace :integrations do
get 'stripe(/:action)', controller: 'stripe', as: "stripe"
post 'stripe/deactivate', controller: 'stripe', action: 'deactivate'
end
虽然有点麻烦,但最好的方法似乎是显式定义路由:
namespace :integrations do
namespace 'stripe' do
%w(auth webhook activate).each do |action|
get action, action: action
end
end
post 'stripe/deactivate', controller: 'stripe', action: 'deactivate'
end
它是这样工作的:
get 'stripe(/:action)', controller: 'stripe', action: :action, as: "stripe"
和你的情况不一样,但我是这样做的:
class PagesController < ApplicationController
def index
render params[:path]
end
end
路线:
get ':path', to: 'pages#index'
我想如果我想要嵌套路径,我会使用 *:
get '*path', to: 'pages#index'