Merge pull request #104 from notzippy/log-update

Prerelease items

harness/reflect.go

@@ -498,7 +498,7 @@ func appendAction(fset *token.FileSet, mm methodMap, decl ast.Decl, pkgImportPat
 		}
 
 		// Add this call's args to the renderArgs.
-		pos := fset.Position(callExpr.Rparen)
+		pos := fset.Position(callExpr.Lparen)
 		methodCall := &methodCall{
 			Line:  pos.Line,
 			Names: []string{},

revel/skeleton/app/init.go

@@ -38,9 +38,8 @@ func init() {
 }
 
 // HeaderFilter adds common security headers
-// TODO turn this into revel.HeaderFilter
-// should probably also have a filter for CSRF
-// not sure if it can go in the same filter or not
+// There is a full implementation of a CSRF filter in
+// https://github.com/revel/modules/tree/master/csrf
 var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) {
 	c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN")
 	c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block")

revel/skeleton/conf/routes

@@ -15,5 +15,12 @@ GET     /favicon.ico                            404
 # Map static resources from the /app/public folder to the /public path
 GET     /public/*filepath                       Static.Serve("public")
 
-# Catch all
-*       /:controller/:action                    :controller.:action
+# Catch all, this will route any request into the controller path
+#
+#                    **** WARNING ****
+# Enabling this exposes any controller and function to the web.
+# ** This is a serious security issue if used online **
+#
+# For rapid development uncomment the following to add new controller.action endpoints
+# without having to add them to the routes table.
+# *       /:controller/:action                    :controller.:action