Changes - metacpan.org

Revision history for Plack-Middleware-XSRFBlock

0.0.19    2023-07-14 10:17:10+01:00 Europe/London
 - SECURITY FIX! when *not* using signed cookies, it was possible to
   bypass XSRFBlock by POSTing an empty form value and an empty cookie
 - bump minimum perl version to 5.12, most dependencies already
   require it

0.0.18    2023-07-13 10:16:20+01:00 Europe/London
 - when invoking the `blocked` callback/app, log as `info` instead of
   `error` (@pangyre) (#27)

0.0.17    2022-10-17 10:57:09+01:00 Europe/London
 - remove internal _token_generator (wasn't documented, couldn't
   really be changed without also changing invalid_signature, and
   produced a ref loop)

0.0.16    2018-07-25 14:23:36+01:00 Europe/London
 - don't use Data::Printer (@dakkar) (#24)

0.0.15    2018-07-24 13:44:11+01:00 Europe/London
 - fix contents_to_filter_regex (@dakkar) (#23)
 - simpler non-html test (@dakkar) (#23)

0.0.14    2018-07-23 17:18:03+01:00 Europe/London
 - limit munging to appropriate content-types (@dakkar) (#22)
 - allow blocking non-POST methods (@dakkar) (#22)

0.0.13    2018-07-23 12:01:27+01:00 Europe/London
 - Replace $@ with $msg (#19)
 - Add missing use statement (#20)
 - Update Build Status icon/badge
 - Travis: add 5.26 and 5.24 as versions to test with
 - Update Dist::Zilla used in Travis

0.0.12    2017-07-13 06:35:46-04:00 America/New_York
 - Refactor internals to make extensible (PR #17)
 - dzil: use Git::Contributors instead of ContributorsFromGit (PR #18)

0.0.11    2015-09-07 16:44:57+00:00 UTC

 - Allow coderefs in token (pull-request #16)

0.0.10    2015-07-18 23:03:26+01:00 Europe/London
 - add scripts for BuildKite testing
 - dzil: Replace NoTabsTests with Test::NoTabs
 - fix #15: Use magic comment to crowbar in an essential dependency
 - add magic comments for other author dependencies that aren't auto-detected
 - Add *skeleton* POD for methods
   This is a shockingly lazy way for me to get my dist to pass Pod::Coverage tests
 - re-arrange POD in file; so method POD appears in a sensible location
 - add (markdown) section of POD for build status to show (in github/README.mkdn)

0.0.9     2014-10-13 10:15:38+00:00 UTC
 - Optionally allow signed cookies escape token injected into html (pull #14)

0.0.8     2014-09-18 08:01:40+00:00 UTC
 - Add option to set XSRF token cookie as a session cookie (pull #13)

0.0.7     2014-08-28 16:51:04+00:00 UTC
 - Set cookie once we know we have HTML (issue #12)
 - Update POD docs with inject_form_input field docs (pull #10)

0.0.6     2014-08-05 20:47:11+00:00 UTC
 - Pass app() to 'blocked' sub (pull #8)
 - Allow bypassing form input injection (pull #9)

0.0.5     2014-07-22 15:28:43+00:00 UTC
 - stop requiring end-users have Pod::Weaver::Section::Contributors
   This was a mistake with the dist.ini Prereqs on my part
   Raised by tomhukins in issue #7
   Changed BuildRequires -> DevelopRequires

0.0.4     2014-07-09 12:44:03+00:00 UTC
 - Add PSGI env to xsrf_detected arguments
   [mryall: pull #6]

0.0.3     2014-06-24 15:01:07+00:00 UTC
 - Prevent a warning for forms with no action
   [willert: pull #5]

0.0.2     2014-03-28 11:33:16+00:00 UTC
 - Add cookie_options setting [github:throughnothing]
 - add and use Dist::Zilla::Plugin::ContributorsFromGit

0.0.1     2013-10-21 15:35:10 UTC
 - Add header_name / X-* header feature
 - Add Git Commit and Push to end of dist.ini
 - Add improved 'undef' handling in some checks
 - Add POD explaining the error messages in more detail
 - Specify main_module in dist.ini

0.0.0_05  2013-06-24 00:29:09 Europe/London

 - add test(s) for 'meta_tag' option
 - add test(s) for 'blocked' option
 - add 'cookie_expiry_seconds' option
 - add documentation for 'blocked' option

0.0.0_04  2013-06-21 16:03:08 Europe/London

 - add FURTHER READING to documentation
 - add missing test module dependency

0.0.0_03  2013-06-21 15:47:42 Europe/London

 - extend and refactor tests

0.0.0_02  2013-06-21 15:07:06 Europe/London

 - fix content modification so we don't throw most of it away
 - fix broken input field
 - allow meta_tag value to be set/over-ridden
 - add 'token_per_request' feature
 - factor out some common test functions
   and update tests to use Test::XSRFBlock::Util
 - extend documentation

0.0.0_01  2013-06-20 12:00:04 Europe/London

 - Initial release
	Global
`s`	Focus search bar
`?`	Bring up this help dialog
	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)
	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse
	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)