Update POD docs with new field #10

Merged
merged 1 commit into from

3 participants

@throughnothing

Oops, should have included this with the last PR!

@ironcamel
$self->inject_form_input(1) unless defined $self->inject_form_input;
@chiselwright chiselwright self-assigned this
@chiselwright
Owner

I'm in a far away land for a couple of weeks. I'll probably merge this one nearer the end of the month (the Android app for github doesn't have an obvious way to do this)

@chiselwright chiselwright merged commit 75acc40 into from
@chiselwright chiselwright referenced this pull request from a commit
@chiselwright v0.0.7
 - Set cookie once we know we have HTML (issue #12)
 - Update POD docs with inject_form_input field docs (pull #10)
9db6f46
@chiselwright chiselwright referenced this pull request from a commit
@chiselwright v0.0.7
 - Set cookie once we know we have HTML (issue #12)
 - Update POD docs with inject_form_input field docs (pull #10)
152f34f
Showing with 11 additions and 2 deletions.
  1. +11 −2 lib/Plack/Middleware/XSRFBlock.pm
13 lib/Plack/Middleware/XSRFBlock.pm
@@ -31,8 +31,7 @@ sub prepare_app {
$self->parameter_name( $self->parameter_name || 'xsrf_token' );
# default to 1 so we inject hidden inputs to forms
- $self->inject_form_input(
- defined($self->inject_form_input) ? $self->inject_form_input : 1 );
+ $self->inject_form_input(1) unless defined $self->inject_form_input;
# store the cookie_name
$self->cookie_name( $self->cookie_name || 'PSGI-XSRF-Token' );
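Review bot: on the new `$self->inject_form_input(1) unless defined $self->inject_form_input;` line, the comment above it still says only "default to 1" and does not explain why this option is tested with `defined` while the `parameter_name` and `cookie_name` lines on either side use `||`. The reason is worth recording: 0 is a meaningful value here, and `||` would silently turn it back into 1 and re-enable form injection. Suggest extending the comment, e.g. `# default to 1; defined() so an explicit 0 is kept`. The diffstat lists only lib/Plack/Middleware/XSRFBlock.pm, so a test that builds the middleware with `inject_form_input => 0` and checks the value survives prepare_app would be a useful addition.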
@@ -306,6 +305,7 @@ You may also over-ride any, or all of these values:
cookie_expiry_seconds => (3 * 60 * 60),
token_per_request => 0,
meta_tag => undef,
+ inject_form_input => 1,
header_name => undef,
blocked => sub {
return [ $status, $headers, $body ]
@@ -351,6 +351,15 @@ section of output pages.
This is useful when you are using javascript that requires access to the token
value for making AJAX requests.
+=item inject_form_input (default: 1)
+
+If this is unset, hidden inputs will not be injected into your forms, and no
+HTML parsing will be done on the page responses.
+
+This can be useful if you only do AJAX requests, and can utilize headers
+and/or cookies instead, and not need the extra overhead of processing
+the HTML document every time.
+
=item header_name (default: undef)
If this is set, use the value as the name of the response heaer that the token
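Review bot: in the new `=item inject_form_input` text, "If this is unset" does not match prepare_app, where an undefined value is replaced with 1; injection is skipped only when the caller passes a defined false value. Suggest wording such as "If this is set to a false value (e.g. 0), hidden inputs will not be injected into your forms". Because the item recommends headers and/or cookies as the alternative, it should also name the options that provide them, `meta_tag` and `header_name`, which are documented directly before and after it. Minor: "and not need the extra overhead" reads better as "and do not need", and the context line under `=item header_name` has "heaer" for "header", which could be fixed in the same change.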