Set cookie after detecting if the page is html #12

Closed
vti opened this Issue Aug 20, 2014 · 0 comments

2 participants

@vti

When static files are served via Plack the session cookie is replaced with a new value on every request thus making it different from the hidden input. I suggest setting the cookie AFTER checking if it's an html:

So this (lines 114-129):

https://metacpan.org/source/CHISEL/Plack-Middleware-XSRFBlock-0.0.6/lib/Plack/Middleware/XSRFBlock.pm#L114

Should go after (line 138):

https://metacpan.org/source/CHISEL/Plack-Middleware-XSRFBlock-0.0.6/lib/Plack/Middleware/XSRFBlock.pm#L138

@chiselwright chiselwright self-assigned this Aug 20, 2014
@chiselwright chiselwright added a commit that closed this issue Aug 25, 2014
@chiselwright Set cookie once we know we have HTML
This should resolve
#12
7b607ad
@chiselwright chiselwright added a commit that referenced this issue Aug 28, 2014
@chiselwright v0.0.7
 - Set cookie once we know we have HTML (issue #12)
 - Update POD docs with inject_form_input field docs (pull #10)
9db6f46
@chiselwright chiselwright added a commit that referenced this issue Aug 28, 2014
@chiselwright v0.0.7
 - Set cookie once we know we have HTML (issue #12)
 - Update POD docs with inject_form_input field docs (pull #10)
152f34f
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment