Securing your website against Cross Site Request Forgery Attacks
I was pleasantly surprised to find out that there is already a Plack middleware that improves security against CSRF attacks. And it's very easy to use.
I'll demonstrate with a Catalyst example but any app running with Plack can make use of it.
In your application you simply configure the middleware.
(Note: Plack::Middleware::CSRFBlock depends on Plack::Middleware::Session)
    # lib/MyApp.pm
    use Catalyst qw/ EnableMiddleware /;

    __PACKAGE__->config(
        # ...
        # Session must come first: CSRFBlock keeps its token in the session
        'Plugin::EnableMiddleware' => [qw/ Session CSRFBlock /],
    );
And that's it. From now on CSRFBlock adds a hidden token to your forms and, when a form is submitted, checks that the token is valid before your application sees the request.
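To see what the middleware actually does, here is an added stand-alone example (my own code, not from the original post or the CSRFBlock distribution): the same Session + CSRFBlock stack on a plain PSGI app, exercised with Plack::Test so the injected token and the blocked forged POST are visible. It assumes the module's default form parameter name SEC, a 403 response for a rejected POST and the plack_session cookie name from Plack::Middleware::Session; check these against your installed versions.

```perl
use strict;
use warnings;
use Plack::Builder;
use Plack::Request;
use Plack::Test;
use HTTP::Request::Common qw(GET POST);

# Constructed sample page: a POST form with no CSRF field of its own.
my $form = <<'HTML';
<html><body>
<form method="post" action="/comment">
  <input type="text" name="text" />
  <input type="submit" value="Post" />
</form>
</body></html>
HTML

my $app = sub {
    my $req = Plack::Request->new(shift);
    if ($req->method eq 'POST') {
        # Only reached once CSRFBlock has accepted the token.
        return [200, ['Content-Type' => 'text/plain'],
                ['accepted: ' . ($req->param('text') // '')]];
    }
    return [200, ['Content-Type' => 'text/html'], [$form]];
};

# Same stack the Catalyst config enables; Session must wrap CSRFBlock.
my $protected = builder {
    enable 'Session';     # stores the token server-side, sets plack_session
    enable 'CSRFBlock';   # injects the hidden token, verifies it on POST
    $app;
};

test_psgi app => $protected, client => sub {
    my $cb = shift;

    # 1. Fetch the form: session cookie and injected token (assumed name SEC).
    my $res = $cb->(GET '/');
    my ($cookie) = ($res->header('Set-Cookie') // '') =~ /^([^;]+)/;
    my ($tag)    = $res->content =~ /(<input[^>]*name="SEC"[^>]*>)/;
    my ($token)  = ($tag // '') =~ /value="([^"]+)"/;
    print "token injected into form: ", ($token ? 'yes' : 'no'), "\n";

    # 2. Forged POST: a third-party page can ride the cookie but not the token.
    $res = $cb->(POST '/comment', [text => 'forged'], Cookie => $cookie);
    print "POST without token -> ", $res->code, "\n";

    # 3. Legitimate POST carrying the token that CSRFBlock put in the form.
    $res = $cb->(POST '/comment', [text => 'real', SEC => $token],
                 Cookie => $cookie);
    print "POST with token    -> ", $res->code, " ", $res->content, "\n";
};
```

Run it with plain `perl` after installing Plack, Plack::Middleware::Session and Plack::Middleware::CSRFBlock; the two status codes printed in steps 2 and 3 are the whole protection in one screen.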