GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  AMON2::PLUGIN::WEB::CSRFDEFENDER (3)

.ds Aq ’

NAME

Amon2::Plugin::Web::CSRFDefender - Anti CSRF filter

CONTENTS

SYNOPSIS



    package MyApp::Web;
    use Amon2::Web;

    __PACKAGE__->load_plugin(Web::CSRFDefender);



DESCRIPTION

This plugin denies CSRF request.

Do not use this with HTTP::Session2. Because HTTP::Session2 has XSRF token management function by itself.

METHODS

$c->get_csrf_defender_token() Get a CSRF defender token. This method is useful to add token for AJAX request.
$c->validate_csrf() You can validate CSRF token manually.

PARAMETERS

no_validate_hook Do not run validation automatically.
no_html_filter Disable HTML rewriting filter. By default, CSRFDefender inserts XSRF token for each form element.

It’s very useful but it hits performance issue if your site is very high traffic.

csrf_token_generator You can change the csrf token generation algorithm.

LICENSE

Copyright (C) Tokuhiro Matsuno.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

AUTHOR

Tokuhiro Matsuno <tokuhirom@gmail.com>

THANKS TO

Kazuho Oku and mala for security advice.

SEE ALSO

Amon2
Search for    or go to Top of page |  Section 3 |  Main Index


perl v5.20.3 AMON2::PLUGIN::WEB::CSRFDEFENDER (3) 2014-09-22

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.