.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings.  \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote.  \*(C+ will
.\" give a nicer C++.  Capital omega is used to do unbreakable dashes and
.\" therefore won't be available.  \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
.    ds -- \(*W-
.    ds PI pi
.    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
.    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
.    ds L" ""
.    ds R" ""
.    ds C` ""
.    ds C' ""
'br\}
.el\{\
.    ds -- \|\(em\|
.    ds PI \(*p
.    ds L" ``
.    ds R" ''
.    ds C`
.    ds C'
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD.  Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.\"
.\" Avoid warning from groff about undefined register 'F'.
.de IX
..
.nr rF 0
.if \n(.g .if rF .nr rF 1
.if (\n(rF:(\n(.g==0)) \{
.    if \nF \{
.        de IX
.        tm Index:\\$1\t\\n%\t"\\$2"
..
.        if !\nF==2 \{
.            nr % 0
.            nr F 2
.        \}
.    \}
.\}
.rr rF
.\"
.\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
.\" Fear.  Run.  Save yourself.  No user-serviceable parts.
.    \" fudge factors for nroff and troff
.if n \{\
.    ds #H 0
.    ds #V .8m
.    ds #F .3m
.    ds #[ \f1
.    ds #] \fP
.\}
.if t \{\
.    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
.    ds #V .6m
.    ds #F 0
.    ds #[ \&
.    ds #] \&
.\}
.    \" simple accents for nroff and troff
.if n \{\
.    ds ' \&
.    ds ` \&
.    ds ^ \&
.    ds , \&
.    ds ~ ~
.    ds /
.\}
.if t \{\
.    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
.    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
.    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
.    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
.    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
.    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
.    \" troff and (daisy-wheel) nroff accents
.ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V'
.ds 8 \h'\*(#H'\(*b\h'-\*(#H'
.ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#]
.ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H'
.ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u'
.ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#]
.ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#]
.ds ae a\h'-(\w'a'u*4/10)'e
.ds Ae A\h'-(\w'A'u*4/10)'E
.    \" corrections for vroff
.if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u'
.if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u'
.    \" for low resolution devices (crt and lpr)
.if \n(.H>23 .if \n(.V>19 \
\{\
.    ds : e
.    ds 8 ss
.    ds o a
.    ds d- d\h'-1'\(ga
.    ds D- D\h'-1'\(hy
.    ds th \o'bp'
.    ds Th \o'LP'
.    ds ae ae
.    ds Ae AE
.\}
.rm #[ #] #H #V #F C
.\" ========================================================================
.\"
.IX Title "CGI::Application::Plugin::ProtectCSRF 3pm"
.TH CGI::Application::Plugin::ProtectCSRF 3pm "2015-06-10" "perl v5.20.2" "User Contributed Perl Documentation"
.\" For nroff, turn off justification.  Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
CGI::Application::Plugin::ProtectCSRF \- generate and verify anti\-CSRF tickets
.SH "VERSION"
.IX Header "VERSION"
1.01
.SH "SYNPSIS"
.IX Header "SYNPSIS"
.Vb 4
\&  use Your::App;
\&  use base qw(CGI::Application);
\&  use CGI::Application::Plugin::Session; # mandatory !!
\&  use CGI::Application::Plugin::ProtectCSRF;
\&
\&  sub input_form : PublishCSRFID {
\&    my $self = shift;
\&    do_something();
\&  }
\&
\&  sub finish : ProtectCSRF {
\&    my $self = shift;
\&    $self\->clear_csrf_id;
\&    do_something();
\&  }
.Ve
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
CGI::Application::Plugin::ProtectCSRF provides tools to protect forms in
CGI::Application web applications from \s-1CSRF\s0 attacks. Run mode handlers
may be declared with the \f(CW\*(C`PublishCSFRID\*(C'\fR or \f(CW\*(C`ProtectCSFR\*(C'\fR attributes.
The former should usually be applied to a run mode, whose \s-1HTML\s0 includes
a \f(CW\*(C`form\*(C'\fR tag. In this case a ticket is generated and stored in the session
during a prerun callback and a \f(CW\*(C`hidden\*(C'\fR control field, publishing the
ticket, is added to the form during a postrun callback. Conversely the
\&\f(CW\*(C`ProtectCSRF\*(C'\fR attribute should normally be applied to the corresponding
run modes that process data from a submitted form. A prerun callback checks
for the hidden field and checks that it matches the ticket saved
in the session. If the check fails the page is redirected to a
customizable error page. On success the form processing run mode should
use the \f(CW\*(C`clear_csrf_id\*(C'\fR method, so that subsequent calls to forms from that
session will generate fresh tickets.
.SH "ACTION"
.IX Header "ACTION"
.SS "PublishCSRFID"
.IX Subsection "PublishCSRFID"
Run modes declared with the \f(CW\*(C`PublishCSRFID\*(C'\fR attribute, take the following
actions:
.IP "\- generate \s-1CSRF\s0 ticket and store it in the session;" 4
.IX Item "- generate CSRF ticket and store it in the session;"
.PD 0
.IP "\- generate the form as per the module code;" 4
.IX Item "- generate the form as per the module code;"
.IP "\- add a hidden element to the form publishing the \s-1CSRF\s0 ticket." 4
.IX Item "- add a hidden element to the form publishing the CSRF ticket."
.PD
.PP
.Vb 11
\&  # publish CSRF ticket
\&  sub input_form : PublishCSRFID {
\&    my $self = shift;
\&    return <<HTML;
\&  <form action="foo" method="post">
\&  <input type="text" name="name">
\&  <input type="submit" value="submit!">
\&  <input type="hidden" name="rm" value="finish">
\&  </form>
\&  HTML
\&  }
\&  
\&  # display html source
\&  <form action="foo" method="post">
\&  <input type="hidden" name="_csrf_id" value="random string" /> <\- insert hidden field
\&  <input type="text" name="name">
\&  <input type="submit" value="submit!">
\&  <input type="hidden" name="rm" value="finish">
\&  </form>
.Ve
.SS "ProtectCSRF"
.IX Subsection "ProtectCSRF"
Run modes declared with the \f(CW\*(C`ProtectCSRF\*(C'\fR attribute, take the following
actions:
.IP "\- verify that the submitted \s-1CSRF\s0 ticket matches the ticket saved in the session. If there is any sort of issue with the ticket the page is redirected to a customizable error page;" 4
.IX Item "- verify that the submitted CSRF ticket matches the ticket saved in the session. If there is any sort of issue with the ticket the page is redirected to a customizable error page;"
.PD 0
.IP "\- the form is processed as per the module code;" 4
.IX Item "- the form is processed as per the module code;"
.ie n .IP "\- the form should call the ""clear_csfr_id"" method so that subsequent forms generate fresh tickets. The code does not do this because if the form validation fails it might be best to retain the same ticket." 4
.el .IP "\- the form should call the \f(CWclear_csfr_id\fR method so that subsequent forms generate fresh tickets. The code does not do this because if the form validation fails it might be best to retain the same ticket." 4
.IX Item "- the form should call the clear_csfr_id method so that subsequent forms generate fresh tickets. The code does not do this because if the form validation fails it might be best to retain the same ticket."
.PD
.PP
.Vb 2
\&  sub finish : ProtectCSRF {
\&    my $self = shift;
\&
\&    # required! Unless forms and their processing are tightly
\&    # coupled by clearing the ticket between invocations,
\&    # the meaning of the ticket is lost.
\&    $self\->clear_csrf_id;
\&
\&    # The processing that you want to perform (DB processing etc)
\&    do_something();
\&  }
.Ve
.SH "METHOD"
.IX Header "METHOD"
.SS "csrf_id"
.IX Subsection "csrf_id"
This method returns the \s-1CSRF\s0 ticket saved in the session.
.PP
Example:
.PP
.Vb 2
\&  sub input_form : PublishCSRFID {
\&    my $self = shift;
\&
\&    my $csrf_id = $self\->csrf_id;
\&    do_something();
\&  }
.Ve
.SS "protect_csrf_config"
.IX Subsection "protect_csrf_config"
This method initializes the ProtectCSRF state using any configuration options
that were passed to it. The available options are:
.IP "\fBcsrf_error_status\fR \- The \s-1HTTP\s0 status code that would be set on the \s-1CSRF\s0 error page if a \s-1CSRF\s0 attack is identified. It defaults to 200." 4
.IX Item "csrf_error_status - The HTTP status code that would be set on the CSRF error page if a CSRF attack is identified. It defaults to 200."
.PD 0
.ie n .IP "\fBcsrf_error_mode\fR \- The CGI::Application runmode name. This defaults to ""_csrf_error""." 4
.el .IP "\fBcsrf_error_mode\fR \- The CGI::Application runmode name. This defaults to \f(CW_csrf_error\fR." 4
.IX Item "csrf_error_mode - The CGI::Application runmode name. This defaults to _csrf_error."
.ie n .IP "\fBcsrf_error_tmpl\fR \- The \s-1HTML\s0 displayed in the event of a \s-1CSRF\s0 attack being detected in the form of a scalarref or filepath or filehandle. One may consider HTML::Template for inspiration on thse formats. The default is $CSRF_ERROR_TMPL which is a scalarref." 4
.el .IP "\fBcsrf_error_tmpl\fR \- The \s-1HTML\s0 displayed in the event of a \s-1CSRF\s0 attack being detected in the form of a scalarref or filepath or filehandle. One may consider HTML::Template for inspiration on thse formats. The default is \f(CW$CSRF_ERROR_TMPL\fR which is a scalarref." 4
.IX Item "csrf_error_tmpl - The HTML displayed in the event of a CSRF attack being detected in the form of a scalarref or filepath or filehandle. One may consider HTML::Template for inspiration on thse formats. The default is $CSRF_ERROR_TMPL which is a scalarref."
.IP "\fBcsrf_error_tmpl_param\fR \- A hashref of parameters to be placed in the above template. See HTML::Template." 4
.IX Item "csrf_error_tmpl_param - A hashref of parameters to be placed in the above template. See HTML::Template."
.ie n .IP "\fBcsrf_id\fR \- The name of the session parameter used to store the \s-1CSRF\s0 ticket.This defaults to ""_csrf_id""." 4
.el .IP "\fBcsrf_id\fR \- The name of the session parameter used to store the \s-1CSRF\s0 ticket.This defaults to \f(CW_csrf_id\fR." 4
.IX Item "csrf_id - The name of the session parameter used to store the CSRF ticket.This defaults to _csrf_id."
.IP "\fBcsrf_post_only\fR \- If set non-POST requests to a run mode which is protected by this module would be rejected. By default this is 0." 4
.IX Item "csrf_post_only - If set non-POST requests to a run mode which is protected by this module would be rejected. By default this is 0."
.PD
.PP
Example:
.PP
.Vb 11
\&  sub cgiapp_init {
\&    my $self = shift;
\&    $self\->tmpl_path("/path/to/template");
\&    $self\->protect_csrf_config(
\&                           csrf_error_status     => 403, # change forbidden
\&                           csrf_error_tmpl       => "csrf_error.tmpl",
\&                           csrf_error_tmpl_param => { TITLE => "CSRF ERROR", MESSAGE => "your access is csrf!"},
\&                           csrf_id               => "ticket_id",
\&                           csrf_post_only        => 1
\&                         );
\&  }
\&
\&  # csrf_error.tmpl
\&  <html><head><title><TMPL_VAR NAME=TITLE ESCAPE=HTML></title></head>
\&  <body>
\&  <h1>CSRF Error</h1>
\&  <span style="color: red"><TMPL_VAR NAME=MESSAGE ESCAPE=HTML></span>
\&  </body>
\&  </html>
.Ve
.SS "clear_csrf_id"
.IX Subsection "clear_csrf_id"
This method clears the \s-1CSFR\s0 ticket. This should be done during the processing
of a form request.
.PP
Example :
.PP
.Vb 4
\&  sub cgiapp_init {
\&    my $self = shift;
\&    $self\->protect_csrf_config;
\&  }
\&
\&  sub input {
\&    my $self = shift;
\&    do_something(). # input form display..
\&  }
\&  
\&  sub confirm : PublishCSRFID {
\&    my $self = shift;
\&    do_something(). # publish csrf_id and input check and confirm display..
\&  }
\&
\&  sub complete : ProtectCSRF {
\&    my $self = shift;
\&    $self\->clear_csrf_id(1); # clear csrf_id for CSRF protect
\&    do_something();          # DB insert etc..
\&  }
.Ve
.SH "CALLBACK"
.IX Header "CALLBACK"
.SS "_publish_csrf_id"
.IX Subsection "_publish_csrf_id"
prerun callback
.SS "_csrf_forbidden"
.IX Subsection "_csrf_forbidden"
prerun callback
.SS "_add_csrf_id"
.IX Subsection "_add_csrf_id"
postrun callback
.SH "CAUTION"
.IX Header "CAUTION"
This module should not be seen as a panacea for all web security issues.
The user should fully understand and act on all security threats his
application may face, including whether this module is an adequate and
useful tool.
.SH "SEE ALSO"
.IX Header "SEE ALSO"
Attribute::Handlers,
Carp,
CGI::Application,
CGI::Application::Plugin::Session,
Digest::SHA,
Exporter,
HTML::TokeParser,
HTML::Template
.SH "AUTHOR"
.IX Header "AUTHOR"
Akira Horimoto <kurt0027@gmail.com>
.SH "COPYRIGHT"
.IX Header "COPYRIGHT"
Copyright (C) 2006 \- 2008 Akira Horimoto
.PP
This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.