Although, there is nothing stopping someone from posting from a fake form or a script, or setting the method manually the way rails fudges posts from certain ajax calls, etc. I think what you want is to make the method protected, not private.
Shai Rosenfeld wrote:
I would definitely suggest figuring out why it's not working. The cold hard fact is that if you do not make a controller method protected or private, or implement some sort of authorization in a before filter that makes sure it's not called, it can be called by your users. It sounds like maybe you need to revisit the how you have your methods structured.
Vapor Rails wrote:
That error is simply stating that it can not find the template for that action. If you don’t specify a template to render, it will attempt to render a template for that action. You are either missing a template, or you are forgetting to render the correct one.
Vapor … wrote: