- How does Mojolicious compare to other Perl web frameworks?
- Why doesn't Mojolicious have any dependencies?
- Why reinvent wheels?
- What about backwards compatibility?
- Why not split up Mojolicious into many smaller distributions?
- What does the error "Maximum message size exceeded." mean?
- What does the error "Maximum line size exceeded." mean?
- What does "Your secret passphrase needs to be changed!!!" mean?
- What does "Inactivity timeout." mean.
- What does "Premature connection close." mean?
- I think i have found a bug, what should i do now?
- Which namespace should i use for Mojolicious plugins?
Mojolicious::Guides::FAQ - Frequently Asked Questions
This document contains the most frequently asked questions about Mojolicious together with the right answers.
The short answer is "it doesn't", because we interpret the words "web framework" much more literally than others. With the emergence of the
Real-time Web and new technologies such as
WebSockets, we are facing new challenges that go way beyond what commonly used modules like LWP were designed for. Because of this Mojolicious contains a whole new
HTTP client/server stack called Mojo, which was heavily inspired by the original
LWPng effort and carefully designed with these new requirements in mind. So while some of the higher abstraction layers might look similar to other web frameworks, it actually defines a whole new category and could even be the foundation for more advanced ones in the future.
We are optimizing Mojolicious for user-friendliness and development speed without compromises. While there are no rules in Mojolicious::Guides::CodingGuidelines that forbid dependencies, we do currently discourage adding non-optional ones in favor of a faster and more painless installation process. And we do in fact already use several optional CPAN modules such as EV, IO::Socket::IP, IO::Socket::SSL, Net::Rendezvous::Publish and Plack to provide advanced functionality if they are installed.
Because we can make them rounder. Components specifically designed for user-friendliness and development speed are not easy to come by. While we are strong believers of the Perl mantra "There is more than one way to do it.", we also believe that well designed defaults result in a much more pleasant user experience. We want the best of both worlds.
In conformance with Mojolicious::Guides::CodingGuidelines, we will always deprecate a feature for at least one major release before removing or changing it in incompatible ways. New features can however be marked as experimental to explicitly exclude them from these rules. This gives us the necessary freedom to ensure a healthy future for Mojolicious. So, as long as you are not using anything marked experimental, untested or undocumented, you can always count on backwards compatibility, everything else would be considered a bug.
Because there are no advantages, it drastically increases maintenance costs and installation times without giving us anything in return. It would only make sense if we wanted to pass ownership of a module to a new maintainer, which we already have done in the past.
To protect your applications from excessively large requests and responses, our HTTP parser has a cap after which it will automatically stop accepting new data, and in most cases force the connection to be dropped. This limit is around
5MB by default, you can use the
MOJO_MAX_MESSAGE_SIZE environment variable to change this value.
This is a very similar protection mechanism to the one described in the previous answer, but a little more specific. It limits the maximum length of any
\r\n terminated part of a HTTP message, such as request line, status line and headers. This limit is around
10KB by default, you can use the
MOJO_MAX_LINE_SIZE environment variable to change this value.
Mojolicious uses a secret passphrase for security features such as signed cookies. It defaults to the name of your application, which is not very secure, so we added this log message as a reminder. You can change the passphrase with the
secret attribute of Mojolicious.
app->secret('My very secret passphrase.');
To protect your applications from denial-of-service attacks, all connections have an inactivity timeout which limits how long a connection may be inactive before being dropped automatically. It defaults to
20 seconds for the user agent and
15 seconds for all built-in web servers, and is commonly referred to as
inactivity_timeout. This timeout always applies, so you might have to tweak it for applications that take a long time to process a request.
This error message is often related to the one above, and means that the web server closed the connection before the user agent could receive the whole response.
First make sure you are using the latest version of Mojolicious, it is quite likely that the bug has already been fixed. If that doesn't help prepare a test case demonstrating the bug, you are not expected to fix it yourself, but you'll have to make sure the developers can replicate your problem. Sending in your whole application generally does more harm than good, the
t directory of this distribution has many good examples for how to do it right. Writing a test is usually the hardest part of fixing a bug, so the better your test case the faster it can be fixed. ;)
If you decide to fix the bug yourself make sure to also take a look at Mojolicious::Guides::CodingGuidelines.
For all new plugins that you might want to release to CPAN we suggest using the "Mojolicious::Plugin" namespace. While "MojoX" has been used a lot in the past, it is now deprecated.