
NAME

Amon2::Plugin::Web::CSRFDefender - Anti CSRF filter

SYNOPSIS

    package MyApp::Web;
    use Amon2::Web;

    __PACKAGE__->load_plugin('Web::CSRFDefender');

DESCRIPTION

This plugin denies CSRF requests.

Do not use this with HTTP::Session2, because HTTP::Session2 has its own XSRF token management.

METHODS

  • $c->get_csrf_defender_token()

    Get a CSRF defender token. This method is useful for adding the token to AJAX requests.

  • $c->validate_csrf()

    Validate the CSRF token manually.

PARAMETERS

  • no_validate_hook

    Do not run validation automatically.

  • no_html_filter

    Disable the HTML rewriting filter. By default, CSRFDefender inserts the XSRF token into each form element.

    This is very useful, but it causes a performance issue if your site has very high traffic.

  • csrf_token_generator

    You can change the CSRF token generation algorithm.
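
The two switches above combined with the manual methods, as an added example that is not part of the original README or the project's own code: automatic validation and HTML rewriting are turned off, and the application validates, logs rejections and hands the token to templates itself. Assumptions: MyApp is the application's base class, a session plugin is already loaded, and render_with_csrf and the template variable csrf_token are hypothetical names.

```perl
package MyApp::Web;
use strict;
use warnings;
use parent qw(MyApp Amon2::Web);    # MyApp: assumed application base class

# Turn off both automatic behaviours; the code below does those jobs by hand.
__PACKAGE__->load_plugin('Web::CSRFDefender' => {
    no_validate_hook => 1,
    no_html_filter   => 1,
});

# Manual replacement for the automatic validation hook.
__PACKAGE__->add_trigger(BEFORE_DISPATCH => sub {
    my $c = shift;
    return if $c->validate_csrf();    # request passed the plugin's check

    # Record the rejection so repeated failures show up in monitoring.
    # Printable ASCII only, so request data cannot forge log lines.
    (my $path = $c->req->path_info) =~ s/[^\x20-\x7e]/?/g;
    warn sprintf "csrf_reject method=%s path=%s addr=%s\n",
        $c->req->method, $path, $c->req->address;

    my $body = "CSRF token validation failed\n";
    return $c->create_response(
        403,
        [
            'Content-Type'   => 'text/plain; charset=utf-8',
            'Content-Length' => length($body),
        ],
        [$body],
    );
});

# Hypothetical helper: with no_html_filter set, forms no longer receive the
# token automatically, so pass it to every template that renders a form.
sub render_with_csrf {
    my ($c, $tmpl, $vars) = @_;
    return $c->render($tmpl, {
        %{ $vars || {} },
        csrf_token => $c->get_csrf_defender_token(),
    });
}

1;
```

The form field or request header that validate_csrf() reads is not stated in this README; confirm it in the plugin source before writing the template that emits the token.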

LICENSE

Copyright (C) Tokuhiro Matsuno.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

AUTHOR

Tokuhiro Matsuno tokuhirom@gmail.com

THANKS TO

Kazuho Oku and mala for security advice.

SEE ALSO

Amon2
