By DeepSource

Avoid use of match in Rails routes with single request type RB-LI1104

Anti-pattern Autofix

Don’t use match to define any routes unless there is a need to map multiple request types among [:get, :post, :patch, :put, :delete] to a single action using the :via option.

Routing both GET and POST requests to a single action has security implications. In general, you should avoid routing all verbs to an action unless you have a good reason to.

Bad practice

match ':controller/:action/:id'
match 'photos/:id', to: 'photos#show', via: :get


get ':controller/:action/:id'
get 'photos/:id', to: 'photos#show'
match 'photos/:id', to: 'photos#show', via: [:post, :edit]
match 'photos/:id', to: 'photos#show', via: :all
match 'photos/:id', to: PhotosController.action(:show), via: :get


  1. match API reference