NAME

Amon2::Plugin::Web::CSRFDefender - Anti CSRF filter

SYNOPSIS

    package MyApp::Web;
    use Amon2::Web;

    __PACKAGE__->load_plugin('Web::CSRFDefender');

DESCRIPTION

This plugin rejects CSRF requests.

Do not use this with HTTP::Session2, because HTTP::Session2 has its own XSRF token management.

METHODS

  • $c->get_csrf_defender_token()

    Get a CSRF defender token. This method is useful for adding the token to AJAX requests.

  • $c->validate_csrf()

    You can validate the CSRF token manually.

PARAMETERS

  • no_validate_hook

    Do not run validation automatically.

  • no_html_filter

    Disable the HTML rewriting filter. By default, CSRFDefender inserts an XSRF token into each form element.

    This is very useful, but it causes a performance problem if your site has very high traffic.

  • csrf_token_generator

    You can change the CSRF token generation algorithm.
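
The two mechanisms described above, the HTML filter that inserts a token into each form and the token validation, sketched as an added example in plain Perl. This is not the plugin's code: the names get_token, html_filter, secure_eq and validate, the field name csrf_token, the session hash and the choice of which HTTP methods are checked are all assumptions of this sketch.

```perl
use strict;
use warnings;

# Assumed field name; %$session stands in for the per-user session store.
my $FIELD = 'csrf_token';

# Return the session's token, creating it from the OS CSPRNG on first use
# (reads /dev/urandom, so this sketch assumes a Unix-like host).
sub get_token {
    my ($session) = @_;
    return $session->{$FIELD} //= do {
        open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
        read($fh, my $buf, 16) == 16 or die "short read from urandom";
        unpack 'H*', $buf;
    };
}

# HTML filter: add a hidden token field after every opening <form ...> tag.
sub html_filter {
    my ($session, $html) = @_;
    my $token = get_token($session);
    $html =~ s{(<form\b[^>]*>)}{$1\n<input type="hidden" name="$FIELD" value="$token" />}gi;
    return $html;
}

# Compare without stopping at the first differing byte.
sub secure_eq {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Safe methods pass; anything else must carry the session's token.
sub validate {
    my ($session, $method, $params) = @_;
    return 1 if $method =~ /\A(?:GET|HEAD|OPTIONS)\z/;
    my $expected = $session->{$FIELD};
    return 0 unless defined $expected && length $expected;
    return secure_eq($params->{$FIELD}, $expected);
}

# Constructed sample: one session, a page with two forms, three requests.
my %session;
my $page = html_filter(\%session, qq{<form method="post" action="/a"></form>\n<FORM action="/b"></FORM>});
my $fields = () = $page =~ /name="\Q$FIELD\E"/g;
print "fields=$fields valid=", validate(\%session, 'POST', { $FIELD => $session{$FIELD} }),
    " missing=", validate(\%session, 'POST', {}),
    " forged=", validate(\%session, 'POST', { $FIELD => '0' x 32 }), "\n";
```

Forms built in client-side script never pass through such a filter, which is the case the token getter above covers for AJAX requests.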

LICENSE

Copyright (C) Tokuhiro Matsuno.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

AUTHOR

Tokuhiro Matsuno <tokuhirom@gmail.com>

THANKS TO

Kazuho Oku and mala for security advice.

SEE ALSO

Amon2