Hi,
I'm using authentication with a :before_filter for controller actions I want to restrict. I see that I'll want to authenticate GET request actions, but what about PUT, DELETE, POST requests? Can anyone 'get' to these latter requests if all GET requests on a resource are authenticated? In this same vein, how about covering ajax actions?
(The reason I don't want to just protect everything is I don't want to add tests unnecessarily...)
Thanks,
Lille