Today I got a bunch of error messages with a user probing the login page
for api information using urls like
/account/login.wsdl
/account/login.aspx

To me this should be a 404 rather than an application error. However the
route matches the standard rails routing line
map.connect ':controller/:action.:format'
and then fails in the action with a Missing Template error as I don't
have, and never will, a template
login.wsdl.erb

I tried explicitly setting the template in the action with
render :template => "login.html.erb" and return
but still get the Missing Template login.wsdl.erb error.

I tried throwing this at a few high profile rails sites like 37signals
or twitter and they don't crash. How can you close this hole?

Cheers,
Sam
--
Posted via http://www.ruby-forum.com/.

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en

On Feb 25, 2008, at 8:24 PM, Sam Giffney wrote:
>
> Today I got a bunch of error messages with a user probing the login page
> for api information using urls like
> /account/login.wsdl
> /account/login.aspx
>
> To me this should be a 404 rather than an application error. However the
> route matches the standard rails routing line
> map.connect ':controller/:action.:format'
> and then fails in the action with a Missing Template error as I don't
> have, and never will, a template
> login.wsdl.erb
>
> I tried explicitly setting the template in the action with
> render :template => "login.html.erb" and return
> but still get the Missing Template login.wsdl.erb error.
>
> I tried throwing this at a few high profile rails sites like 37signals
> or twitter and they don't crash. How can you close this hole?
>
> Cheers,
> Sam

Sam--

Are you using rescue_action_in_public in your ApplicationController?
You can override Rails' default to render a login page, return a 404,
or whatever you prefer.

Steve Ross wrote:
> Are you using rescue_action_in_public in your ApplicationController?
> You can override Rails' default to render a login page, return a 404,
> or whatever you prefer.

Bingo. For others' reference the relevant parts of my app controller now
are (without formatting)

    # Serve the static 404 page for HTML requests and an empty 404 for
    # every other requested format (.wsdl, .aspx, ...).
    def render_404
      respond_to do |format|
        format.html { render :file => "#{RAILS_ROOT}/public/404.html", :status => '404 Not Found' }
        format.all  { render :nothing => true, :status => '404 Not Found' }
      end
      true
    end

    # Map "not found" style exceptions to a 404; everything else is a 500.
    # render_500 is not shown in this excerpt.
    def rescue_action_in_public(exception)
      case exception
      when ::ActionController::UnknownAction,
           ActiveRecord::RecordNotFound,
           ::ActionController::RoutingError,
           ::ActionController::MissingTemplate
        render_404
      else
        render_500
      end
    end

--
Posted via http://www.ruby-forum.com/.
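
An added example, not part of the original thread: a Ruby script that scans access-log lines for requests whose format extension the application never serves (such as the .wsdl and .aspx probes described above) and groups them by client, with the response statuses showing whether the application still answers them with a 500. The log lines, the SERVED_FORMATS list and the function names are constructed for this example.

```ruby
# Formats this application actually renders (assumption for the example).
SERVED_FORMATS = %w[html xml js].freeze

# Common Log Format: ip ident user [time] "METHOD path PROTO" status bytes
LOG_LINE = /\A(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) /

# Returns the extension of the last path segment when it is not a served
# format, or nil when the request has no extension or an allowed one.
def unserved_format(path, served = SERVED_FORMATS)
  segment = path.split('?', 2).first.to_s.split('/').last.to_s
  ext = File.extname(segment).delete('.').downcase
  return nil if ext.empty? || served.include?(ext)
  ext
end

# Groups unserved-format requests by client and keeps clients at or above
# the threshold. Returns { ip => { formats: [...], statuses: [...], hits: n } }.
def probe_report(lines, threshold = 2)
  hits = Hash.new { |h, k| h[k] = { formats: [], statuses: [], hits: 0 } }
  lines.each do |line|
    m = LOG_LINE.match(line) or next
    ip, path, status = m[1], m[2], m[3].to_i
    ext = unserved_format(path) or next
    entry = hits[ip]
    entry[:hits] += 1
    entry[:formats] |= [ext]
    entry[:statuses] |= [status]
  end
  hits.select { |_, e| e[:hits] >= threshold }
end

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
  '203.0.113.7 - - [25/Feb/2008:20:01:10 +0000] "GET /account/login.wsdl HTTP/1.1" 500 612',
  '203.0.113.7 - - [25/Feb/2008:20:01:11 +0000] "GET /account/login.aspx HTTP/1.1" 500 612',
  '198.51.100.4 - - [25/Feb/2008:20:02:00 +0000] "GET /account/login HTTP/1.1" 200 2301',
  '198.51.100.4 - - [25/Feb/2008:20:02:05 +0000] "GET /posts/index.xml HTTP/1.1" 200 990',
  '192.0.2.9 - - [25/Feb/2008:20:03:00 +0000] "GET /account/login.php?x=1 HTTP/1.1" 404 0'
].freeze

if __FILE__ == $PROGRAM_NAME
  probe_report(SAMPLE_LOG).each do |ip, e|
    puts "#{ip}: #{e[:hits]} unserved-format requests " \
         "(#{e[:formats].join(', ')}), statuses #{e[:statuses].join(', ')}"
  end
end
```

A 500 in the statuses column means the application is still raising on these requests; after the rescue_action_in_public change above, the same probes should show up with 404.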