silinternational/idp-id-broker

URL routing problems

forevermatt opened this issue · 2 comments

For some reason, doing a POST /user/ (with a trailing slash) gets mapped to UserController->actionIndex(), returning the list of all users.

In addition, it seems to accept things like POST /user/create and map it to UserController->actionCreate(), even though we neither want that nor have a URL rule pattern that should cause that to work. That should return a 404 as far as I can tell.

Given that those URL paths are being routed to controller actions without us specifically telling them to, we may have this problem in other Yii2 websites.
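A likely cause of the behaviour described above, assuming the application's `urlManager` runs with Yii2's default `enableStrictParsing => false`: a request that matches no rule falls through to default route parsing, where the path itself is treated as a `controller/action` route. The script below is an added example, not part of the original issue or the project's code; the rules, the controller map and `resolve()` are constructed for illustration, and `resolve()` is a simplified model of the fallback rather than Yii's implementation.

```php
<?php
// Constructed configuration: the project's real rule list is not shown in the issue.
$urlManager = [
    'enablePrettyUrl'     => true,
    'enableStrictParsing' => false,   // Yii2 default; set to true to harden
    'rules' => [
        'GET user'  => 'user/index',
        'POST user' => 'user/create',
    ],
];

// Hypothetical controller map: UserController with actionIndex and actionCreate.
$controllers = ['user' => ['index', 'create']];

/**
 * Simplified model of Yii2 request parsing plus controller lookup
 * (exact-match rules only, no modules). Returns the route or null for a 404.
 */
function resolve(string $verb, string $path, array $urlManager, array $controllers): ?string
{
    $pathInfo = ltrim($path, '/');            // pathInfo keeps a trailing slash
    $rule = "$verb $pathInfo";
    if (isset($urlManager['rules'][$rule])) {
        return $urlManager['rules'][$rule];   // an explicit rule matched
    }
    if ($urlManager['enableStrictParsing']) {
        return null;                          // no rule matched: 404
    }
    // Fallback: the path itself becomes the route, with slashes trimmed.
    $parts = explode('/', trim($pathInfo, '/'));
    $controller = $parts[0];
    $action = $parts[1] ?? 'index';           // missing action id: default action
    $known = in_array($action, $controllers[$controller] ?? [], true);
    return ($known && count($parts) <= 2) ? "$controller/$action" : null;
}

$strict = ['enableStrictParsing' => true] + $urlManager;
foreach (['/user', '/user/', '/user/create'] as $path) {
    printf("POST %-13s default: %-12s strict: %s\n", $path,
        resolve('POST', $path, $urlManager, $controllers) ?? '404',
        resolve('POST', $path, $strict, $controllers) ?? '404');
}
```

The fallback route ignores the HTTP verb, so limiting which verbs an action accepts is a separate control, for example `yii\filters\VerbFilter` in the controller's behaviors.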