Securing your website against Cross Site Request Forgery Attacks
I was pleasantly surprised to find out that there is already a Plack Middleware that improves security against CSRF attacks. And it's very easy to use.
I'll demonstrate with a Catalyst example but any app running with Plack can make use of it.
In your application you simply configure the middleware.
(Note: Plack::Middleware::CSRFBlock depends on Plack::Middleware::Session)
    # lib/MyApp.pm
    use Catalyst qw/ EnableMiddleware /;

    __PACKAGE__->config(
        # ...
        # Middleware is applied in the order listed: Session must come
        # first, because CSRFBlock stores its token in the session.
        'Plugin::EnableMiddleware' => [qw/
            Session
            CSRFBlock
        /],
    );
And that's it. From now on CSRFBlock adds a hidden token to your forms, and when a form is submitted it checks that the submitted token matches the one stored in the session, rejecting the request otherwise.
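To make the mechanism concrete, here is an added example of a minimal synchronizer-token middleware for plain Plack. It is not the code of Plack::Middleware::CSRFBlock (which also handles AJAX meta tags, one-time tokens and configurable responses), only a simplified illustration of the two halves the post describes: injecting a per-session token into every form, and refusing state-changing requests that do not carry it. The package name My::CSRFGuard, the field name csrf_token and the sample application are assumptions.

```perl
# Simplified illustration of the synchronizer-token pattern (not the real
# Plack::Middleware::CSRFBlock). Assumes Plack::Middleware::Session has
# already populated $env->{'psgix.session'}.
package My::CSRFGuard;
use strict;
use warnings;
use parent 'Plack::Middleware';
use Plack::Request;
use Plack::Util;

sub _new_token {
    # 16 bytes of OS randomness; rand() would be guessable.
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read $fh, my $bytes, 16 or die "urandom read: $!";
    return unpack 'H*', $bytes;
}

sub call {
    my ($self, $env) = @_;
    my $session = $env->{'psgix.session'}
        or die "Session middleware must be enabled before My::CSRFGuard";
    my $req = Plack::Request->new($env);

    # One token per session, kept server-side and echoed only in the form.
    $session->{csrf_token} //= _new_token();

    # Half 1: state-changing requests must carry the matching token.
    if ($req->method =~ /^(?:POST|PUT|PATCH|DELETE)$/) {
        my $sent = $req->body_parameters->{csrf_token} // '';
        return [403, ['Content-Type' => 'text/plain'], ['CSRF token missing or invalid']]
            unless $sent eq $session->{csrf_token};
    }

    # Half 2: inject the hidden field into every <form> of an HTML response.
    my $field = qq{<input type="hidden" name="csrf_token" value="$session->{csrf_token}" />};
    return Plack::Util::response_cb($self->app->($env), sub {
        my $res = shift;
        my $ct = Plack::Util::header_get($res->[1], 'Content-Type') // '';
        return unless $ct =~ m{^text/html}i;
        Plack::Util::header_remove($res->[1], 'Content-Length');  # body length changes
        return sub {
            my $chunk = shift;
            return $chunk unless defined $chunk;
            $chunk =~ s{(<form\b[^>]*>)}{$1$field}gi;
            return $chunk;
        };
    });
}

1;
```

Wired up with Plack::Builder this is `builder { enable 'Session'; enable '+My::CSRFGuard'; $app }`; a cross-site POST, which can forge the cookie but not read the page that carries the token, gets the 403 branch.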
I like Toast.
https://blogs.perl.org/users/olaf_alders/2012/07/using-plackmiddlewarecsrfblock-and-jquery-to-deal-with-cross-site-request-forgery.html