Posted about 7 years ago. Visible to the public.

Rails 2: Refuse response formats application-wide

If you regularly get ActionView::MissingTemplate exceptions, maybe some bot visits your site requesting silly formats like:

Copy
http://www.rails-app.com/makandra.html-username-2000 # => Rails tries to retrieve 'makandra' with format 'html-username-2000'

Just restrict accepted format parameters for the whole application like this:

Copy
class ApplicationController < ActionController::Base before_filter :refuse_silly_formats private def refuse_silly_formats acceptable_formats = %w[html xml pdf] if params[:format] unless acceptable_formats.include? params[:format].downcase Rails.logger.error "Format not supported: #{params[:format]}" head interpret_status(:not_acceptable) end end end end

Note: request.format more reliably tells the format, but includes Rails-required formats such as application/x-www-form-urlencoded (which we must not refuse). For our purposes, getting the format from the params is exactly what we need. You may also skip that before_filter for a certain controller/action.

Kudos to Peter Wagenet.

By refactoring problematic code and creating automated tests, makandra can vastly improve the maintainability of your Rails application.

Owner of this card:

Avatar
Dominik Schöler
Last edit:
about 7 years ago
About this deck:
We are makandra and do test-driven, agile Ruby on Rails software development.
License for source code
Posted by Dominik Schöler to makandra dev
This website uses short-lived cookies to improve usability.
Accept or learn more