Rails is not assuming that it's a POST. The conditional logic in the controller ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

ryanisnan on Nov 7, 2019 | parent | context | favorite | on: Bypassing GitHub's OAuth Flow with a Head Request

Rails is not assuming that it's a POST. The conditional logic in the controller explicitly checks for a get, and then else's otherwise. This is an unfortunate consequence of not having routing go to specific methods, e.g. `def post():`.

tptacek on Nov 7, 2019 [–]

Rails routing does go to specific methods ordinarily.

What's funny here is, apparently, .get? used to return true for HEAD requests.

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact