Name

CatalystX::Usul::Plugin::Controller::TokenValidation - CSRF form tokens

Version

0.7.$Revision: 1181 $

Synopsis

   # In controller base class
   sub end {
      my ($self, $c) = @_;

      if ($c->stash->{token} && $self->can( q(add_token) )) {
         $self->add_token( $c );
      }

      $c->forward( q(render) );
      return;
   }

   # In custom action class
   if ($controller->can( q(validate_token) ) && _should_validate( $c )) {
      unless ($controller->validate_token( $c )) {
         return $self->_invalid_token( @args )
            ? $self->next::method( @rest ) : undef;
      }

      $controller->remove_token( $c );
   }

Description

Generates and validates CSRF form tokens

Subroutines/Methods

add_token

Adds a CSRF token to the form

do_not_add_token

Deletes the token attribute from the stash, thus preventing the token from being added to the response

remove_token

Removes the validated token from the form so that it is not mistaken for a regular input field

validate_token

Checks to see if the token stored in the session matches the one posted back in the form
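
The token round trip that the four methods above describe, as an added example that is not the module's own code. Plain hashes stand in for the Catalyst session and request parameters; the field name `_csrf_token`, the 32-byte token and the constant-time comparison are assumptions, since this page does not show the module's internals. It reads `/dev/urandom`, so it assumes a Unix-like host.

```perl
use strict;
use warnings;

# Constructed stand-ins: plain hashes act as the Catalyst session and request
# parameters. The field name is hypothetical, not taken from the module.
my $FIELD = '_csrf_token';

sub new_token {
   open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
   my $n = read $fh, my $buf, 32;            # 32 bytes from the kernel CSPRNG
   close $fh;
   die 'short read from urandom' unless defined $n && $n == 32;
   return unpack 'H*', $buf;                 # hex encode for use in a form field
}

sub add_token {
   my ($session, $form) = @_;
   my $token = new_token();
   $session->{ $FIELD } = $token;            # server-side copy
   $form->{ $FIELD }    = $token;            # hidden field sent to the browser
   return $token;
}

sub validate_token {
   my ($session, $params) = @_;
   my ($want, $got) = ($session->{ $FIELD }, $params->{ $FIELD });
   return 0 unless defined $want && defined $got && !ref $got;
   return 0 unless length( $want ) == length( $got );
   my $diff = 0;
   # Constant-time comparison: OR together the XOR of every byte pair
   $diff |= ord( substr $want, $_, 1 ) ^ ord( substr $got, $_, 1 )
      for 0 .. length( $want ) - 1;
   return $diff == 0 ? 1 : 0;
}

sub remove_token {
   return delete $_[ 0 ]->{ $FIELD };        # keep the token out of the regular inputs
}

# Constructed request cycle: one genuine post, one forged, one with no token
my (%session, %form);
add_token( \%session, \%form );
my %post   = ( %form, name => 'alice' );
my %forged = ( name => 'mallory', $FIELD => 'f' x 64 );
printf "forged post accepted:  %d\n", validate_token( \%session, \%forged );
printf "missing token accepted: %d\n", validate_token( \%session, { name => 'x' } );
printf "genuine post accepted: %d\n", validate_token( \%session, \%post );
remove_token( \%post );
printf "fields passed on: %s\n", join ',', sort keys %post;
```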

Diagnostics

None

Configuration and Environment

None

Dependencies

CatalystX::Usul

Incompatibilities

There are no known incompatibilities in this module

Bugs and Limitations

There are no known bugs in this module. Please report problems to the address below. Patches are welcome

Author

Peter Flanigan, <Support at RoxSoft.co.uk>

License and Copyright

Copyright (c) 2011 Peter Flanigan. All rights reserved

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See perlartistic

This program is distributed in the hope that it will be useful, but WITHOUT WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE