|
Unix VPS
Support
FAQ
Network
Miscellaneous
|
| Amon2::Plugin::Web::CSRFDefender(3) | User Contributed Perl Documentation | Amon2::Plugin::Web::CSRFDefender(3) |
NAME
Amon2::Plugin::Web::CSRFDefender - Anti CSRF filterSYNOPSIS
package MyApp::Web;
use Amon2::Web;
__PACKAGE__->load_plugin('Web::CSRFDefender');
DESCRIPTION
This plugin denies CSRF request.Do not use this with HTTP::Session2. Because HTTP::Session2 has XSRF token management function by itself.
METHODS
- $c->get_csrf_defender_token()
- Get a CSRF defender token. This method is useful to add token for AJAX request.
- $c->validate_csrf()
- You can validate CSRF token manually.
PARAMETERS
- no_validate_hook
- Do not run validation automatically.
- no_html_filter
- Disable HTML rewriting filter. By default, CSRFDefender inserts XSRF token
for each form element.
It's very useful but it hits performance issue if your site is very high traffic.
- csrf_token_generator
- You can change the csrf token generation algorithm.
LICENSE
Copyright (C) Tokuhiro Matsuno.This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
AUTHOR
Tokuhiro Matsuno <tokuhirom@gmail.com>THANKS TO
Kazuho Oku and mala for security advice.SEE ALSO
Amon2| 2014-09-22 | perl v5.32.1 |
Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.