From 74eb83587dd9c2e566e053cc0d33bb7aff517f01 Mon Sep 17 00:00:00 2001
From: Azul
Date: Fri, 17 Mar 2017 16:33:32 +0100
Subject: bugfix: format: html for home roots
That's the only thing the controller handles meaningful. Before the route would also catch anything that started with a . interpreting it as a format string. This lead to lots of false positives in our security scanner.
---
 config/routes.rb | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'config')
diff --git a/config/routes.rb b/config/routes.rb
index d388ab7..de328db 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -3,8 +3,11 @@ LeapWeb::Application.routes.draw do
 # Please do not use root_path or root_url. Use home_path and home_url instead,
 # so that the path will be correctly prefixed with the locale.
 #
- root :to => "home#index"
- get '(:locale)' => 'home#index', :locale => CommonLanguages.match_available, :as => 'home'
+
+ scope format: 'html' do
+ root :to => "home#index"
+ get '(:locale)' => 'home#index', :locale => CommonLanguages.match_available, :as => 'home'
+ end
 #
 # HTTP Error Handling
--
cgit v1.2.3
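Review bot: The new `scope format: 'html' do` block has no comment saying why the format is pinned, and nothing visible in this patch covers it with a test, so a later routes cleanup could drop the scope and silently restore the old matching. I would add a line above the scope such as `# home#index renders HTML only; without this, '/.<anything>' is parsed as a format and served the home page`, plus a routing test asserting that `/` and a locale path still resolve to `home#index` while a dot-prefixed path does not. Because the router handles a scope-level `format:` string implicitly, it is also worth confirming on the Rails version in use that it acts as a constraint and not only as a default. The `routes.draw` block starts before the hunk and continues past it, so whether dot-prefixed paths now reach the error handling below cannot be checked from here.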