NAME

Mojolicious::Plugin::CSRFProtect - fully protects you from CSRF attacks

SYNOPSIS

  # Mojolicious
  $self->plugin('CSRFProtect');

  # Mojolicious::Lite
  plugin 'CSRFProtect';
  
  # Use "form_for" helper and all your html forms will have CSRF protection token 

    <%= form_for login => (method => 'post') => begin %>
           <%= text_field 'first_name' %>
           <%= submit_button %>
    <% end %>
    
  # Place jquery_ajax_csrf_protection helper to your layout template 
  # and all AJAX requests will have CSRF protection token (requires JQuery)
   
    <%= jquery_ajax_csrf_protection %>

DESCRIPTION

Mojolicious::Plugin::CSRFProtect is a Mojolicious plugin which fully protects you from CSRF attacks.

It does next things:

1. Adds a hidden input (with name 'csrftoken') with CSRF protection token to every form (works only if you use form_for helper from Mojolicious::Plugin::TagHelpers.)

2. Adds the header "X-CSRF-Token" with CSRF token to every AJAX request (works with JQuery only)

3. Rejects all non GET requests without the correct CSRF protection token.

If you want protect your GET requests then you can do it manually

In template: <a href="/delete_user/123/?csrftoken=<%= csrftoken %>">

In controller: $self->is_valid_csrftoken()

HELPERS

`form_for`

    This helper overrides the C<form_for> helper from Mojolicious::Plugin::TagHelpers 
    
    and adds hidden input with CSRF protection token.

`jquery_ajax_csrf_protection`

    This helper adds CSRF protection headers to all JQuery AJAX requests.
    
    You should add <%= jquery_ajax_csrf_protection %> in head of your HTML page.

`csrftoken`

    returns  CSRF Protection token. 
    
    In templates <%= csrftoken %>
    
    In controller $self->csrftoken;

`is_valid_csrftoken`

    With this helper you can check $csrftoken manually. It will take $csrftoken from $c->param('csrftoken');
     
    $self->is_valid_csrftoken() will return 1 or 0

LICENSE AND COPYRIGHT

This program is free software; you can redistribute it and/or modify it under the terms of either: the GNU General Public License as published by the Free Software Foundation; or the Artistic License.

See http://dev.perl.org/licenses/ for more information.

To install Mojolicious::Plugin::CSRFProtect, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Mojolicious::Plugin::CSRFProtect

CPAN shell

perl -MCPAN -e shell
install Mojolicious::Plugin::CSRFProtect

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DESCRIPTION

HELPERS

form_for

jquery_ajax_csrf_protection

csrftoken

is_valid_csrftoken

SEE ALSO

LICENSE AND COPYRIGHT

Module Install Instructions

`form_for`

`jquery_ajax_csrf_protection`

`csrftoken`

`is_valid_csrftoken`