Potential for HTTP verb confusion detected.

Description

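Rails routes HEAD requests to the same actions as GET requests. In an action that handles both GET and a state-altering verb (e.g. POST), branching on request.get? can lead to unexpected state changes: request.get? returns false for a HEAD request, so the HEAD request falls through to the branch intended for the state-altering verb.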

Remediations

✅ Use separate action logic for GET and POST

✅ Check for state altering verbs rather than GET:

    if request.post?
      alter_state
    end
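The pitfall and the second remediation side by side, as an added example that is not part of the original rule documentation. `FakeRequest` is a hypothetical stand-in for the Rails request object (same `get?`/`head?`/`post?` predicates) so the snippet runs without Rails; `SettingsAction` and `outcomes` are illustrative names.

```ruby
# Added illustration; FakeRequest is a hypothetical stand-in for the
# Rails request object so this runs without Rails.
FakeRequest = Struct.new(:request_method) do
  def get?;  request_method == "GET";  end
  def head?; request_method == "HEAD"; end
  def post?; request_method == "POST"; end
end

# Hypothetical controller action that serves several verbs.
class SettingsAction
  # Before: anything that is not GET falls through to the write path,
  # and that includes HEAD.
  def vulnerable(request)
    if request.get?
      :render_form
    else
      alter_state
    end
  end

  # After: only the state-altering verb reaches the write path.
  def hardened(request)
    if request.post?
      alter_state
    else
      :render_form
    end
  end

  private

  # Placeholder for the real write (update a record, grant access, ...).
  def alter_state
    :state_altered
  end
end

# Constructed sample requests: HEAD reaches the same action as GET.
def outcomes(action_name)
  %w[GET HEAD POST].map do |verb|
    [verb, SettingsAction.new.public_send(action_name, FakeRequest.new(verb))]
  end.to_h
end

puts "vulnerable: #{outcomes(:vulnerable)}"
puts "hardened:   #{outcomes(:hardened)}"
```

In the vulnerable variant the HEAD request ends in `:state_altered`; in the hardened variant only POST does.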

Associated CWE

OWASP Top 10