Masahiro Chiba
and 1 contributors

NAME

Plack::Middleware::RefererCheck - check referer for defensive CSRF attack.(DEPRECATED)

SYNOPSIS

  use Plack::Builder;

  builder {
      enable 'RefererCheck', host => 'www.example.com', same_scheme => 1, error_app => sub { [403, [], ['Forbidden']] };
      $app;
  };
 
  or more simply(host from $env->{HTTP_HOST} and same_scheme => 0)
  # this is vulnerabilly for DNS Rebinding
  builder {
      enable 'RefererCheck';
      $app;
  };

DESCRIPTION

Please note that this module has been DEPRECATED.

Because Referer is not required and RFC2616 strongly recommends that the user be able to select whether or not the field.

Please use other way. For example Plack::Middleware::CSRFBlock, Catalyst::Controller::RequestToken and Amon2::Plugin::Web::CSRFDefender.

CONFIGURATION

host

Instead of using $env->{HTTP_HOST} if you set.

same_scheme

Check if you are setting "1" the same scheme.default: "0"

error_app

Is an PSGI-app that runs on errors.default: return 403 Forbidden app.

no_warn

mute DEPRECATED warnings.

AUTHOR

Masahiro Chiba

LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

SEE ALSO

Plack::Middleware Plack::Builder