GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  AMON2::PLUGIN::WEB::JSON (3)

.ds Aq ’

NAME

Amon2::Plugin::Web::JSON - JSON plugin

CONTENTS

SYNOPSIS



    use Amon2::Lite;

    __PACKAGE__->load_plugins(qw/Web::JSON/);

    get / => sub {
        my $c = shift;
        return $c->render_json(+{foo => bar});
    };

    __PACKAGE__->to_app();



DESCRIPTION

This is a JSON plugin.

METHODS

$c->render_json(\%dat); Generate JSON data from \%dat and returns instance of Plack::Response.

PARAMETERS

status_code_field It specify the field name of JSON to be embedded in the ’X-API-Status’ header. Default is undef. If you set the undef to disable this ’X-API-Status’ header.



    __PACKAGE__->load_plugins(
        Web::JSON => { status_code_field => status }
    );
    ...
    $c->render_json({ status => 200, message => ok })
    # send response header X-API-Status: 200



In general JSON API error code embed in a JSON by JSON API Response body. But can not be logging the error code of JSON for the access log of a general Web Servers. You can possible by using the ’X-API-Status’ header.

FAQ

How can I use JSONP? You can use JSONP by using Plack::Middleware::JSONP.

JSON and security

Browse the JSON files directly. This module escapes ’<’, ’>’, and ’+’ characters by \uXXXX form. Browser don’t detects the JSON as HTML.

And also this module outputs X-Content-Type-Options: nosniff header for IEs.

It’s good enough, I hope.

JSON Hijacking Latest browsers doesn’t have a JSON hijacking issue(I hope). __defineSetter__ or UTF-7 attack was resolved by browsers.

But Firefox<=3.0.x and Android phones have issue on Array constructor, see <http://d.hatena.ne.jp/ockeghem/20110907/p1>.

Firefox<=3.0.x was outdated. Web application developers doesn’t need to add work-around for it, see <http://en.wikipedia.org/wiki/Firefox#Version_release_table>.

Amon2::Plugin::Web::JSON have a JSON hijacking detection feature. Amon2::Plugin::Web::JSON returns 403 Forbidden response if following pattern request.
The request have ’Cookie’ header.
The request doesn’t have ’X-Requested-With’ header.
The request contains /android/i string in ’User-Agent’ header.
Request method is ’GET

See also the hasegawayosuke’s article(Japanese) <http://www.atmarkit.co.jp/fcoding/articles/webapp/05/webapp05a.html>.

FAQ

HOW DO YOU CHANGE THE HTTP STATUS CODE FOR JSON? render_json method returns instance of Plack::Response. You can modify the response object.

Here is a example code:



    get / => sub {
        my $c = shift;
        if (-f /tmp/maintenance) {
            my $res = $c->render_json({err => Under maintenance});
            $res->status(503);
            return $res;
        }
        return $c->render_json({err => undef});
    };



THANKS TO

hasegawayosuke
Search for    or go to Top of page |  Section 3 |  Main Index


perl v5.20.3 AMON2::PLUGIN::WEB::JSON (3) 2016-04-03

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.