• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

lib/Amon2/Plugin/Web/H03-May-2022-204145

t/H03-May-2022-452392

Build.PLH A D22-Sep-2014301 134

ChangesH A D22-Sep-2014716 2515

LICENSEH A D22-Sep-201418 KiB379292

MANIFESTH A D22-Sep-2014275 1616

META.jsonH A D22-Sep-20142.1 KiB8180

META.ymlH A D22-Sep-20141.1 KiB4443

README.mdH A D22-Sep-20141.3 KiB6232

cpanfileH A D22-Sep-2014382 1512

minil.tomlH A D22-Sep-2014121 74

README.md

1# NAME
2
3Amon2::Plugin::Web::CSRFDefender - Anti CSRF filter
4
5# SYNOPSIS
6
7    package MyApp::Web;
8    use Amon2::Web;
9
10    __PACKAGE__->load_plugin('Web::CSRFDefender');
11
12# DESCRIPTION
13
14This plugin denies CSRF request.
15
16Do not use this with [HTTP::Session2](https://metacpan.org/pod/HTTP::Session2). Because [HTTP::Session2](https://metacpan.org/pod/HTTP::Session2) has XSRF token management function by itself.
17
18# METHODS
19
20- $c->get\_csrf\_defender\_token()
21
22    Get a CSRF defender token. This method is useful to add token for AJAX request.
23
24- $c->validate\_csrf()
25
26    You can validate CSRF token manually.
27
28# PARAMETERS
29
30- no\_validate\_hook
31
32    Do not run validation automatically.
33
34- no\_html\_filter
35
36    Disable HTML rewriting filter. By default, CSRFDefender inserts XSRF token for each form element.
37
38    It's very useful but it hits performance issue if your site is very high traffic.
39
40- csrf\_token\_generator
41
42    You can change the csrf token generation algorithm.
43
44# LICENSE
45
46Copyright (C) Tokuhiro Matsuno.
47
48This library is free software; you can redistribute it and/or modify
49it under the same terms as Perl itself.
50
51# AUTHOR
52
53Tokuhiro Matsuno <tokuhirom@gmail.com>
54
55# THANKS TO
56
57Kazuho Oku and mala for security advice.
58
59# SEE ALSO
60
61[Amon2](https://metacpan.org/pod/Amon2)
62