Ruby

Made by DeepSource

Avoid use of match in Rails routes with single request type RB-LI1104

Anti-pattern
Major
Autofix

Don’t use match to define any routes unless there is a need to map multiple request types among [:get, :post, :patch, :put, :delete] to a single action using the :via option.

Routing both GET and POST requests to a single action has security implications. In general, you should avoid routing all verbs to an action unless you have a good reason to.

Bad practice

match ':controller/:action/:id'
match 'photos/:id', to: 'photos#show', via: :get

Recommended

get ':controller/:action/:id'
get 'photos/:id', to: 'photos#show'
match 'photos/:id', to: 'photos#show', via: [:post, :patch]
match 'photos/:id', to: 'photos#show', via: :all
match 'photos/:id', to: PhotosController.action(:show), via: :get
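
The rule above, sketched as a line-based check over a routes file. This is an added example, not DeepSource's analyzer: `audit_routes`, `Finding`, the `:violation`/`:review` labels and the sample routes are constructed for illustration, and it assumes one route per line with literal symbols.

```ruby
# Added example: approximates the check with regular expressions.
Finding = Struct.new(:line, :kind, :detail)

def audit_routes(source)
  source.each_line.with_index(1).filter_map do |text, lineno|
    # Drop trailing comments but keep the '#' inside 'photos#show'.
    code = text.sub(/(^|\s)#.*/, '').strip
    next unless (args = code[/\Amatch\b(.*)/, 1])

    via   = args[/\bvia:\s*(\[[^\]]*\]|:\w+)/, 1]
    verbs = via.to_s.scan(/:(\w+)/).flatten.map(&:to_sym)

    if via.nil?
      Finding.new(lineno, :violation, 'match without :via; name the verb explicitly')
    elsif verbs.size == 1 && verbs != [:all]
      # The page lists a match whose to: is a controller endpoint object
      # under Recommended, so only string or implicit targets are flagged.
      next if args.match?(/\bto:\s*[A-Z]/)
      rewritten = code.sub(/\Amatch\b/, verbs.first.to_s)
                      .sub(/,\s*via:\s*(\[[^\]]*\]|:\w+)/, '')
      Finding.new(lineno, :violation, "use: #{rewritten}")
    elsif verbs == [:all] || (verbs.include?(:get) && verbs.size > 1)
      # Allowed by the rule, but GET now reaches the same action as the
      # other verbs, and Rails' CSRF token check does not apply to GET.
      Finding.new(lineno, :review, 'GET shares an action with other verbs')
    end
  end
end

# Constructed sample input (not from a real application).
SAMPLE_ROUTES = <<~ROUTES
  match ':controller/:action/:id'
  match 'photos/:id', to: 'photos#show', via: :get   # single verb
  get 'photos/:id', to: 'photos#show'
  match 'photos/:id', to: 'photos#update', via: [:post, :patch]
  match 'session', to: 'sessions#create', via: [:get, :post]
  match 'photos/:id', to: PhotosController.action(:show), via: :get
ROUTES

audit_routes(SAMPLE_ROUTES).each do |f|
  puts "line #{f.line}: #{f.kind}: #{f.detail}"
end
```

Routes reported as `:review` satisfy the rule but are the ones the security note above is about, so they are worth reading by hand.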
