← Back to Upcase

Sessions route in routes.rb

(charlieanna) #1

How can I get out of the problem If the user accidently types in the browser? There is no get method defined on signout.

match ‘/signout’, to: ‘sessions#destroy’, via: ‘delete’ is how my route is defined. We can see there is no get method defined.

(Ben Orenstein) #5

That’s right. That’s intentional.

REST says that we shouldn’t have actions that change state be accessed by GET requests. GET requests should always be “safe”.

One reason why this is important is that web spiders will access any link that you have on your site that is a GET, because it shouldn’t break anything. If you had a link to “delete my whole database” accessible via a GET request, web spiders would happily click on that for you. But if they saw it needed to be a DELETE, they wouldn’t.

(charlieanna) #6

So instead of showing the users No route matches [GET] “/signout” error, can I show a 404 error?

(Ben Orenstein) #9

Actually, this will happen automatically.

When running in production mode, Rails will show a 404 when there is no matching routes.

(charlieanna) #10

Thanks Ben.