README.md
1# NAME
2
3Amon2::Plugin::Web::CSRFDefender - Anti CSRF filter
4
5# SYNOPSIS
6
7 package MyApp::Web;
8 use Amon2::Web;
9
10 __PACKAGE__->load_plugin('Web::CSRFDefender');
11
12# DESCRIPTION
13
14This plugin denies CSRF request.
15
16Do not use this with [HTTP::Session2](https://metacpan.org/pod/HTTP::Session2). Because [HTTP::Session2](https://metacpan.org/pod/HTTP::Session2) has XSRF token management function by itself.
17
18# METHODS
19
20- $c->get\_csrf\_defender\_token()
21
22 Get a CSRF defender token. This method is useful to add token for AJAX request.
23
24- $c->validate\_csrf()
25
26 You can validate CSRF token manually.
27
28# PARAMETERS
29
30- no\_validate\_hook
31
32 Do not run validation automatically.
33
34- no\_html\_filter
35
36 Disable HTML rewriting filter. By default, CSRFDefender inserts XSRF token for each form element.
37
38 It's very useful but it hits performance issue if your site is very high traffic.
39
40- csrf\_token\_generator
41
42 You can change the csrf token generation algorithm.
43
44# LICENSE
45
46Copyright (C) Tokuhiro Matsuno.
47
48This library is free software; you can redistribute it and/or modify
49it under the same terms as Perl itself.
50
51# AUTHOR
52
53Tokuhiro Matsuno <tokuhirom@gmail.com>
54
55# THANKS TO
56
57Kazuho Oku and mala for security advice.
58
59# SEE ALSO
60
61[Amon2](https://metacpan.org/pod/Amon2)
62