NAME
    CGI::Application::Plugin::ProtectCSRF - Plug-in for protection from CSRF

VERSION
    0.01

SYNOPSIS
      use Your::App;
      use CGI::Application::Plugin::Session; # required
      use CGI::Application::Plugin::ProtectCSRF;

DESCRIPTION
    CGI::Application::Plugin::ProtectCSRF is a CGI::Application plugin
    (C::A::P) that protects an application from CSRF.

    When CSRF is detected, 403 Forbidden is returned and processing is
    interrupted.

METHOD
  clear_csrfid
    Clears the csrfid. It is best called after processing has finished,
    that is, on the completion screen:

      Input screen => confirmation screen => completion screen (call it here)

    Example:

      sub input {
        my $self = shift;
        # ...
      }

      sub confirm {
        my $self = shift;
        # ...
      }

      sub complete {
        my $self = shift;
        # ... processing starts here (DB insert etc.)
        $self->clear_csrfid;
        # ...
      }

  is_post_request
    Checks the request method. If the request method is POST, 1 is returned.

    Example:

      my $post_flag;
      if ($self->is_post_request) {
        # $self->query->request_method or $ENV{REQUEST_METHOD} is POST
      } else {
        # not POST
      }

CAUTION
    This plugin provides only basic CSRF protection. Please implement other
    security checks in the application.

SEE ALSO
    Carp
    CGI::Application
    Exporter
    Digest::SHA1
    HTML::TokeParser
    List::Util

AUTHOR
    Akira Horimoto

COPYRIGHT
    Copyright (C) 2006 Akira Horimoto

    This module is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself.
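
The input => confirmation => completion flow described under clear_csrfid, sketched as an added example that is not the plugin's own code: it shows the general session-bound token technique, with a 403 on mismatch and the token cleared once processing is done. The function names, the plain-hash session and the use of /dev/urandom (a Unix-like host) are assumptions.

```perl
use strict;
use warnings;

# Added illustration only: issue_csrfid, check_csrfid, tokens_match and the
# plain-hash session are hypothetical names, not the plugin's API.

# Draw 32 bytes from the OS CSPRNG and store them hex-encoded in the session.
sub issue_csrfid {
    my ($session) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "no CSPRNG: $!";
    read($fh, my $bytes, 32) == 32 or die "short read from /dev/urandom";
    close $fh;
    return $session->{csrfid} = unpack 'H*', $bytes;
}

# Compare two tokens without stopping at the first differing character.
sub tokens_match {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y
                 && length($x) && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Status the handler should send: 200 to continue, 403 to interrupt processing.
sub check_csrfid {
    my ($session, $method, $submitted) = @_;
    return 403 unless uc($method // '') eq 'POST';   # state changes must arrive by POST
    return tokens_match($session->{csrfid}, $submitted) ? 200 : 403;
}

# Constructed walk-through of input => confirm => complete.
my %session;
my $token = issue_csrfid(\%session);        # input screen: embed as hidden form field
printf "confirm   %d\n", check_csrfid(\%session, 'POST', $token);
printf "forged    %d\n", check_csrfid(\%session, 'POST', 'a' x 64);
printf "via GET   %d\n", check_csrfid(\%session, 'GET',  $token);
printf "complete  %d\n", check_csrfid(\%session, 'POST', $token);
delete $session{csrfid};                    # counterpart of calling clear_csrfid
printf "replay    %d\n", check_csrfid(\%session, 'POST', $token);
```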