NAME
Pickles::Plugin::AntiCSRF - CSRF Block Plugin
SYNOPSIS
package MyApp::Context;
use parent qw(Pickles::Context);

# Load the Encode and AntiCSRF plugins into the application's context class.
__PACKAGE__->load_plugins( 'Encode', 'AntiCSRF' );
## etc/config.pl
# Settings for the AntiCSRF plugin, keyed by the plugin's name.
#   token_name   - presumably the request field that carries the token; confirm
#                  against the plugin.
#   token_length - length of the generated token.
# NOTE(review): a length of 8 is short for an anti-CSRF token if the unit is
# characters. Confirm the unit and how the plugin generates the token, and
# choose a longer value where the token has to resist guessing.
return +{
    'Plugin::AntiCSRF' => {
        token_length => 8,
        token_name   => '_token',
    },
};
# etc/routes.pl
router {
    # no CSRF protection: this route carries no method restriction
    connect '/' => { action => 'index', controller => 'Root' };

    # Automatically protected! The second hash restricts the route to POST.
    # Keep state-changing actions on POST-restricted routes like this one so
    # they fall under the check.
    # NOTE(review): confirm in the plugin whether the check keys on the route's
    # method constraint or on the request method itself.
    connect '/commit' => { action => 'commit', controller => 'Root' },
        { method => 'POST' };
};
DESCRIPTION
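Provides basic CSRF detection/protection. As the synopsis shows, routes restricted to POST are checked automatically; the check can be switched off per request or per route, as described below.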
CONTROLLING CSRF CHECK
USING THE STASH
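## lib/MyApp/Context.pm
__PACKAGE__->load_plugins(qw(Encode AntiCSRF));

# On init, flag requests under the /api tree so the AntiCSRF check is skipped.
# Skipping is only appropriate when those endpoints do not authenticate with
# cookies or other credentials the browser attaches automatically.
__PACKAGE__->add_trigger( init => sub {
    my ($c) = @_;

    # Match "/api" itself or anything below "/api/". An unanchored m|^/api|
    # would also exempt unrelated paths that merely start with the same
    # characters (for example a hypothetical "/apikeys").
    if ( $c->req->path =~ m{\A/api(?:/|\z)} ) {
        $c->stash->{skip_csrf_check}++;
    }
} );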
USING ROUTES
# The skip flag is set on this one route only, which keeps the exemption
# narrower than a path-prefix match. Use it only for endpoints that do not
# authenticate with cookies or other browser-attached credentials.
connect '/api' => {
    skip_csrf_check => 1,    # Disable CSRF check
    action          => 'api',
    controller      => 'Root',
}, { method => 'POST' };