NAME

RPC::Any::Interface::HTTP - HTTP input/output support for RPC::Any::Server

DESCRIPTION

This module houses code that is common to all the "HTTP" servers in RPC::Any (RPC::Any::Server::XMLRPC::HTTP and RPC::Any::Server::JSONRPC). RPC::Any HTTP servers understand HTTP input and return HTTP output. This means that HTTP servers expect there to be HTTP headers on the input provided to handle_input, and they return HTTP headers as part of the return value of handle_input.

So, if an HTTP server is reading from STDIN, it expects both the HTTP headers and the RPC input to be there.

HTTP servers also accept an HTTP::Request object as input to handle_input.

HTTP SERVER ATTRIBUTES

Servers that use this code (including all the "HTTP" and "CGI" servers) have certain additional attributes beyond the ones described in RPC::Any::Server. These can all be specified during new or set like $server->method($value). They are all optional.

allow_get

By default, RPC::Any's HTTP servers do not allow GET requests, because they have serious security issues that you as an implementor have to take into account:

  • You must never allow methods called with GET to modify data in your application. Otherwise, a malicious website could cause a user to modify data in your application when they did not intend to. (This is a Cross-Site Request Forgery.)

  • If your application uses cookies or HTTP authentication, you should be careful about deciding whether or not to authenticate the user using these methods during GET requests, if your application contains sensitive data. During a GET request that was automatically authenticated with cookies, it may be possible for a malicious web site to steal private data from your application using authorized user accounts without the user's permission.

If you have addressed these security concerns in your application and want to allow GET requests, you can set this to 1 to allow them.
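The following is an added example, not code from RPC::Any: one way an application could enforce both points above before passing a request to handle_input when allow_get is set to 1. The helper get_policy, the Catalog.* method names and the convention that the RPC method name arrives in the "method" query parameter are assumptions made for illustration.

```perl
use strict;
use warnings;
use HTTP::Request;

# Assumption: the only RPC methods in this application that never modify data.
my %READ_ONLY = map { $_ => 1 } qw(Catalog.search Catalog.get_item);

# Hypothetical helper: decide what to do with a request before it reaches
# handle_input. Returns (allow, use_ambient_auth, reason).
sub get_policy {
    my ($request) = @_;

    # Requests other than GET are outside the allow_get concerns.
    return (1, 1, 'not a GET request') if uc($request->method) ne 'GET';

    # Assumption: the RPC method name is in the "method" query parameter.
    my %query  = $request->uri->query_form;
    my $method = $query{method};
    return (0, 0, 'GET without a method name') unless defined $method;

    # First concern: GET must never reach a method that modifies data.
    return (0, 0, "GET not permitted for $method") unless $READ_ONLY{$method};

    # Second concern: credentials the browser attaches automatically
    # (cookies, HTTP authentication) do not show user intent on a GET,
    # so they are not used to authenticate the call.
    my $ambient = grep { defined $request->header($_) } qw(Cookie Authorization);
    return (1, 0, 'read-only GET, ambient credentials ignored') if $ambient;
    return (1, 0, 'read-only GET, anonymous');
}

# Constructed sample requests.
my @samples = (
    HTTP::Request->new(GET => '/rpc?method=Catalog.search',
        [ Cookie => 'session=abc' ]),
    HTTP::Request->new(GET => '/rpc?method=Catalog.delete_item',
        [ Cookie => 'session=abc' ]),
    HTTP::Request->new(POST => '/rpc',
        [ 'Content-Type' => 'application/json' ], '{}'),
);

for my $request (@samples) {
    my ($allow, $auth, $reason) = get_policy($request);
    printf "%-4s %-34s allow=%d ambient_auth=%d (%s)\n",
        $request->method, $request->uri, $allow, $auth, $reason;
    # When $allow is true, the request would go to $server->handle_input($request).
}
```

With this policy a GET is served only for the listed read-only methods and always as an unauthenticated caller, so a cross-site GET can neither change data nor read data that requires a login.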

extra_headers

This is a hashref that specifies extra HTTP headers that the server should send back. The hash keys are the names of the headers, and the values are the values for the headers. Any header specified here will override the default headers sent by RPC::Any.

last_request

An HTTP::Request representing the last request that the server processed. (Note for subclassers: this is not available until decode_input_to_object.)