
Bug#680071: ITP: libplack-middleware-csrfblock-perl -- Plack middleware to block CSRF (cross-site request forgery)



Package: wnpp
Owner: Michael Stapelberg <stapelberg@debian.org>
Severity: wishlist
X-Debbugs-CC: debian-devel@lists.debian.org,debian-perl@lists.debian.org

* Package name    : libplack-middleware-csrfblock-perl
  Version         : 0.03
  Upstream Author : Rintaro Ishizaki <rintaro@cpan.org>
* URL             : http://search.cpan.org/dist/Plack-Middleware-CSRFBlock/
* License         : Artistic or GPL-1+
  Programming Lang: Perl
  Description     : Plack middleware to block CSRF (cross-site request forgery)

This middleware blocks CSRF. You can use this middleware without any
modifications to your application, in most cases.

When the application response content-type is "text/html" or
"application/xhtml+xml", this middleware inserts a hidden input tag that
contains a token string into all POST-forms found in the response body.

For every POST request, this middleware ensures that the input parameters
contain the correct token parameter. If not found, the middleware throws an
HTTP error 403 (Forbidden) and the forged request does not even reach your
application.
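
A minimal sketch of the mechanism described above, added here as an example in plain PSGI-style Perl; it is not the code of Plack::Middleware::CSRFBlock and not part of the original message. The names `csrf_guard`, `csrf_token`, the `csrf` session key and the demo app are hypothetical, and it assumes a session hash in `psgix.session`, a urlencoded POST body and an array-ref response body.

```perl
use strict; use warnings;

my $PARAM = 'csrf_token';    # assumed field name, not the module's default
sub new_token {              # 128 random bits from the kernel CSPRNG
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die 'short read';
    return unpack 'H*', $buf;
}
sub ct_eq {                  # compares every byte, no early exit on mismatch
    my ($x, $y, $diff) = (@_, 0);
    return 0 unless defined $x && length($x) == length($y);
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return !$diff;
}
sub csrf_guard {             # wraps a PSGI app; hypothetical name
    my ($app) = @_;
    return sub {
        my ($env) = @_;
        my $token = ($env->{'psgix.session'} ||= {})->{csrf} ||= new_token();
        if ($env->{REQUEST_METHOD} eq 'POST') {
            read($env->{'psgi.input'}, my $body, $env->{CONTENT_LENGTH} || 0);
            seek($env->{'psgi.input'}, 0, 0);   # assumes buffered, seekable input
            my ($sent) = $body =~ /(?:\A|&)\Q$PARAM\E=([0-9a-f]+)(?:&|\z)/;
            return [403, ['Content-Type' => 'text/plain'], ['Forbidden']] unless ct_eq($sent, $token);
        }
        my $res = $app->($env);
        my %h = @{ $res->[1] };                 # demo app sets no Content-Length to fix up
        if (($h{'Content-Type'} // '') =~ m{^(?:text/html|application/xhtml\+xml)}i) {
            (my $html = join '', @{ $res->[2] }) =~
                s{(<form\b[^>]*\bmethod=["']?post\b[^>]*>)}
                 {$1<input type="hidden" name="$PARAM" value="$token" />}gi;
            $res->[2] = [$html];
        }
        return $res;
    };
}

my %session;    # constructed demo: one client's session across three requests
my $guarded = csrf_guard(sub {
    [200, ['Content-Type' => 'text/html'], ['<form method="post"><input name="amt"></form>']]
});
sub request {
    my ($method, $body) = @_;
    open my $in, '<', \$body or die "open: $!";
    return $guarded->({ REQUEST_METHOD => $method, CONTENT_LENGTH => length $body,
                        'psgi.input' => $in, 'psgix.session' => \%session });
}
my ($tok) = request('GET', '')->[2][0] =~ /value="([0-9a-f]+)"/;
print 'POST without token: ', request('POST', 'amt=10')->[0], "\n";
print 'POST with token:    ', request('POST', "amt=10&$PARAM=$tok")->[0], "\n";
```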


