Removed the catch all route, and added comment about security issue

2026-01-23 15:31:26 +00:00 · 2017-10-22 09:31:18 -07:00
parent 2d4ccf289c
commit 29c6237caf
2 changed files with 11 additions and 5 deletions
--- a/revel/skeleton/conf/routes
+++ b/revel/skeleton/conf/routes
@@ -15,5 +15,12 @@ GET     /favicon.ico                            404
 # Map static resources from the /app/public folder to the /public path
 GET     /public/*filepath                       Static.Serve("public")

-# Catch all
-*       /:controller/:action                    :controller.:action
+# Catch all, this will route any request into the controller path
+#
+#                    **** WARNING ****
+# Enabling this exposes any controller and function to the web.
+# ** This is a serious security issue if used online **
+#
+# For rapid development uncomment the following to add new controller.action endpoints
+# without having to add them to the routes table.
+# *       /:controller/:action                    :controller.:action