bugfix: format: html for home roots

That's the only thing the controller handles meaningful. Before the route would also catch anything that started with a . interpreting it as a format string. This lead to lots of false positives in our security scanner.
author: Azul <azul@riseup.net> 2017-03-17 16:33:32 +0100
committer: Azul <azul@riseup.net> 2017-03-20 09:01:14 +0100
commit: 74eb83587dd9c2e566e053cc0d33bb7aff517f01 (patch)
tree: 61d36ef66310be7bd4f79cf88fec12bee63f61c7 /config
parent: 1a69dc86077e5bbde4b6a8f181e5711384c1f253 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/config/routes.rb b/config/routes.rb
index d388ab7..de328db 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,8 +3,11 @@ LeapWeb::Application.routes.draw do
   # Please do not use root_path or root_url. Use home_path and home_url instead,
   # so that the path will be correctly prefixed with the locale.
   #
-  root :to => "home#index"
-  get '(:locale)' => 'home#index', :locale => CommonLanguages.match_available, :as => 'home'
+
+  scope format: 'html' do
+    root :to => "home#index"
+    get '(:locale)' => 'home#index', :locale => CommonLanguages.match_available, :as => 'home'
+  end
 
   #
   # HTTP Error Handling
author	Azul <azul@riseup.net>	2017-03-17 16:33:32 +0100
committer	Azul <azul@riseup.net>	2017-03-20 09:01:14 +0100
commit	74eb83587dd9c2e566e053cc0d33bb7aff517f01 (patch)
tree	61d36ef66310be7bd4f79cf88fec12bee63f61c7 /config
parent	1a69dc86077e5bbde4b6a8f181e5711384c1f253 (diff)