
CatalystX::Usul::Plugin::Controller::TokenValidation - CSRF form tokens

0.7.$Revision: 1181 $

   # In controller base class
   sub end {
      my ($self, $c) = @_;

      if ($c->stash->{token} && $self->can( q(add_token) )) {
         $self->add_token( $c );
      }

      $c->forward( q(render) );
      return;
   }

   # In custom action class
   if ($controller->can( q(validate_token) ) && _should_validate( $c )) {
      unless ($controller->validate_token( $c )) {
         return $self->_invalid_token( @args )
              ? $self->next::method( @rest ) : undef;
      }

      $controller->remove_token( $c );
   }

Generates and validates CSRF form tokens

Adds a CSRF token to the form
Deletes the token attribute from the stash, thus preventing the token from being added to the response
Removes the validated token from the form so that it is not mistaken for a regular input field
Checks to see if the token stored in the session matches the one posted back in the form
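
The token lifecycle described above, as an added sketch in plain Perl; it is not this module's implementation. The hashes standing in for the Catalyst session and request parameters, the field name, the use of /dev/urandom, and deleting the session copy on every validation attempt are all assumptions of the example.

```perl
# Added sketch, not CatalystX::Usul code. %session and %params stand in for
# the Catalyst session and request parameters; $FIELD is a hypothetical name.
use strict; use warnings;

my $FIELD = '_csrf_token';

# 32 bytes from the kernel CSPRNG, hex encoded (assumes /dev/urandom exists).
sub new_token {
   open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
   read( $fh, my $bytes, 32 ) == 32 or die 'short read from urandom';
   return unpack 'H*', $bytes;
}

# Store the token in the session and return the hidden form field.
sub add_token {
   my ($session) = @_;
   my $token = $session->{ $FIELD } = new_token();
   return qq(<input type="hidden" name="$FIELD" value="$token">);
}

# Compare every character; no early exit on the first mismatch.
sub secure_eq {
   my ($x, $y) = @_;
   return 0 unless defined( $x ) && defined( $y ) && length( $x ) == length( $y );
   my $diff = 0;
   $diff |= ord( substr $x, $_, 1 ) ^ ord( substr $y, $_, 1 ) for 0 .. length( $x ) - 1;
   return $diff == 0 ? 1 : 0;
}

# Assumption of this sketch: the session copy is deleted on every attempt,
# so a token can be redeemed at most once.
sub validate_token {
   my ($session, $params) = @_;
   my $expected = delete $session->{ $FIELD };
   return secure_eq( $expected, $params->{ $FIELD } );
}

# Drop the token from the posted fields so it is not treated as form data.
sub remove_token { my ($params) = @_; delete $params->{ $FIELD }; return }

# Constructed demo: a genuine post, a replay of it, then a forged token.
my %session;
my ($posted) = add_token( \%session ) =~ m{value="([0-9a-f]{64})"};
my %params   = ( $FIELD => $posted, amount => 100 );
print 'first post:  ', validate_token( \%session, \%params ), "\n";
print 'replay:      ', validate_token( \%session, \%params ), "\n";
remove_token( \%params );
print 'fields left: ', join( ',', sort keys %params ), "\n";
add_token( \%session );
print 'forged:      ', validate_token( \%session, { $FIELD => 'f' x 64 } ), "\n";
```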

None

None


There are no known incompatibilities in this module

There are no known bugs in this module. Please report problems to the address below. Patches are welcome

Peter Flanigan, <Support at RoxSoft.co.uk>

Copyright (c) 2011 Peter Flanigan. All rights reserved
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See perlartistic
This program is distributed in the hope that it will be useful, but WITHOUT WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE