Plack::Middleware::BlockHeaderInjection - block header injections in responses
version v1.0.1
    use Plack::Builder;

    my $app = ...

    $app = builder {
        enable 'BlockHeaderInjection',
            status => 500;
        $app;
    };
This middleware will check responses for injected headers. If the headers contain newlines, then the return code is set to 500 and the offending header(s) are removed.
A common source of header injections is when parameters are passed unchecked into a header (such as the redirection location).
An attacker can use injected headers to bypass system security by forging a header used for security (such as a referrer or cookie).
The status attribute sets the status code to return if an invalid header is found. By default, this is 500.
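As an added illustration (not part of the module's documentation or test suite), the following Plack::Test script wraps a hypothetical redirect handler that copies a "next" query parameter unchecked into the Location header, then checks that the middleware passes a clean value through and blocks one containing CR LF. The handler, the "/go" path, the "next" parameter and the "X-Injected" header name are constructed for this example.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

use HTTP::Request::Common qw(GET);
use Plack::Builder;
use Plack::Request;
use Plack::Test;
use Test::More;

# Hypothetical handler with the flaw described above: the "next"
# query parameter goes into the Location header without validation.
my $redirect = sub {
    my $req  = Plack::Request->new(shift);
    my $next = $req->query_parameters->get('next') // '/';
    return [ 302, [ 'Location' => $next ], [] ];
};

# Wrap the handler so every response is checked before it is sent.
my $app = builder {
    enable 'BlockHeaderInjection', status => 500;
    $redirect;
};

test_psgi $app, sub {
    my $cb = shift;

    # A value without newlines is passed through untouched.
    my $ok = $cb->( GET '/go?next=/home' );
    is $ok->code, 302, 'clean redirect is passed through';
    is $ok->header('Location'), '/home', 'Location header is kept';

    # Constructed input: %0d%0a decodes to CR LF, so the Location
    # value would carry a second header line if sent as-is.
    my $bad = $cb->( GET '/go?next=/home%0d%0aX-Injected:%20constructed' );
    is $bad->code, 500, 'response status is replaced with 500';
    ok !defined $bad->header('Location'),   'offending header is removed';
    ok !defined $bad->header('X-Injected'), 'no injected header reaches the client';
};

done_testing;
```

The middleware is a safety net at the response boundary; the handler should still validate the redirect target before using it.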
https://en.wikipedia.org/wiki/HTTP_header_injection
The development version is on GitHub at https://github.com/robrwo/Plack-Middleware-BlockHeaderInjection and may be cloned from git://github.com/robrwo/Plack-Middleware-BlockHeaderInjection.git
Please report any bugs or feature requests on the bugtracker website https://github.com/robrwo/Plack-Middleware-BlockHeaderInjection/issues
When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.
Robert Rothenberg <rrwo@cpan.org>
The initial development of this module was supported by Foxtons, Ltd https://www.foxtons.co.uk.
This software is Copyright (c) 2014,2020 by Robert Rothenberg.
This is free software, licensed under:
The Artistic License 2.0 (GPL Compatible)
To install Plack::Middleware::BlockHeaderInjection, copy and paste the appropriate command into your terminal.
cpanm:
    cpanm Plack::Middleware::BlockHeaderInjection
CPAN shell:
    perl -MCPAN -e shell
    install Plack::Middleware::BlockHeaderInjection