[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#680071: ITP: libplack-middleware-csrfblock-perl -- Plack middleware to block CSRF (cross-site request forgery)

Package: wnpp
Owner: Michael Stapelberg <stapelberg@debian.org>
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-perl@lists.debian.org

* Package name    : libplack-middleware-csrfblock-perl
  Version         : 0.03
  Upstream Author : Rintaro Ishizaki <rintaro@cpan.org>
* URL             : http://search.cpan.org/dist/Plack-Middleware-CSRFBlock/
* License         : Artistic or GPL-1+
  Programming Lang: Perl
  Description     : Plack middleware to block CSRF (cross-site request forgery)

This middleware blocks CSRF. You can use this middleware without any
modifications to your application, in most cases.

When the application response content-type is "text/html" or
"application/xhtml+xml", this middleware inserts a hidden input tag that
contains a token string into all POST-forms found in the response body.

For every POST requests, this middleware ensures that the input parameters
contain the collect token parameter. If not found, the middleware throws an
HTTP error 403 (Forbidden) and the forged request does not even reach your

Reply to: