July 2012 Archives

Using Plack::Middleware::CSRFBlock and jQuery to deal with Cross Site Request Forgery

At $work, our flagship application was recently audited for potential security issues. One of the items which raised a red flag was the fact that we weren't dealing with the threat of CSRF (Cross Site Request Forgery). The solution which we decided to implement was to add a CSRF token to every POST request. The token is known only to the application (it is held server-side in the user's session) and to the user's browser, which receives it in the pages the application serves. A site under an attacker's control can make the victim's browser send a POST, complete with the victim's cookies, but it cannot read the token, so a POST that carries the correct token is evidence that the request originated from a page the application served and was intentional on the user's part. That does not make CSRF impossible (a token that leaks through XSS or an over-broad CORS policy is no protection), but it removes the forged-form attack that the audit flagged.

About Olaf Alders

I hack on iCPAN, MetaCPAN and other fun stuff.