Application error with unsupported format requests

Today I got a bunch of error messages with a user probing the login page
for API information using URLs like
/account/login.wsdl
/account/login.aspx

To me this should be a 404 rather than an application error. However, the
route matches the standard Rails routing line
map.connect ':controller/:action.:format'
and then fails in the action with a Missing Template error, as I don’t
have, and never will, a template
login.wsdl.erb

I tried explicitly setting the template in the action with
render :template => "login.html.erb" and return
but still get the Missing Template login.wsdl.erb error.

I tried throwing this at a few high profile Rails sites like 37signals
or Twitter and they don’t crash. How can you close this hole?

Cheers,
Sam

On Feb 25, 2008, at 8:24 PM, Sam G. wrote:

map.connect ':controller/:action.:format'

Cheers,
Sam

Sam–

Are you using rescue_action_in_public in your ApplicationController?
You can override Rails’ default to render a login page, return a 404,
or whatever you prefer.

Steve R. wrote:

Are you using rescue_action_in_public in your ApplicationController?
You can override Rails’ default to render a login page, return a 404,
or whatever you prefer.

Bingo. For others' reference, the relevant parts of my app controller now
are (without formatting)

# Render the static 404 page for HTML requests and an empty 404 for any other format.
def render_404
  respond_to do |format|
    format.html { render :file => "#{RAILS_ROOT}/public/404.html", :status => '404 Not Found' }
    format.all  { render :nothing => true, :status => '404 Not Found' }
  end
  true
end

# Map "not found"-type exceptions, including MissingTemplate, to a 404; everything else gets a 500.
def rescue_action_in_public(exception)
  case exception
  when ::ActionController::UnknownAction, ActiveRecord::RecordNotFound,
       ::ActionController::RoutingError, ::ActionController::MissingTemplate
    render_404
  else
    render_500 # render_500 is not shown in this post
  end
end
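
As an added example that is not part of the thread: a Ruby check over access-log lines that counts requests for formats the app never serves on the :controller/:action.:format route and lists any still answered with a 5xx, which would mean the handler above is not catching them. The log lines, the served-format list and all names are constructed for illustration.

```ruby
# Added example: constructed data and hypothetical names throughout.
# Same shape as the route in the thread: /:controller/:action.:format
ROUTE = %r{\A/(?<controller>[^/.]+)/(?<action>[^/.]+)\.(?<format>[^/?]+)}
SERVED_FORMATS = %w[html xml js].freeze # assumption: formats this app renders

# Constructed access-log lines (common log format), not taken from the thread.
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [25/Feb/2008:20:01:11 +0000] "GET /account/login.wsdl HTTP/1.1" 500 612
  203.0.113.7 - - [25/Feb/2008:20:01:12 +0000] "GET /account/login.aspx HTTP/1.1" 404 0
  198.51.100.4 - - [25/Feb/2008:20:02:40 +0000] "GET /account/login.html HTTP/1.1" 200 2048
  198.51.100.4 - - [25/Feb/2008:20:03:02 +0000] "GET /account/login HTTP/1.1" 200 2048
  203.0.113.7 - - [25/Feb/2008:20:03:15 +0000] "GET /account/login.WSDL?x=1 HTTP/1.1" 500 612
LOG

LINE = /\A(?<ip>\S+) \S+ \S+ \[[^\]]+\] "(?<verb>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) /

# Returns { ip => { probes: count, errors: [paths answered with 5xx] } }
# for requests whose :format is not one the app serves.
def format_probes(log)
  report = Hash.new { |h, ip| h[ip] = { probes: 0, errors: [] } }
  log.each_line do |line|
    entry = LINE.match(line) or next
    route = ROUTE.match(entry[:path]) or next # no ".format" part: ordinary request
    next if SERVED_FORMATS.include?(route[:format].downcase)
    client = report[entry[:ip]]
    client[:probes] += 1
    # A 5xx here means the request still ends in an application error.
    client[:errors] << entry[:path] if entry[:status].start_with?("5")
  end
  report
end

if __FILE__ == $PROGRAM_NAME
  format_probes(SAMPLE_LOG).each do |ip, r|
    puts "#{ip}: #{r[:probes]} unsupported-format requests, #{r[:errors].size} answered with 5xx"
  end
end
```

Once the 404 handler is in place, the errors list for every client should be empty while the probe count still shows who is scanning.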