[html-formfu] Re: Always HTTP Method POST
Moritz Onken
onken at houseofdesign.de
Sun Feb 21 01:56:05 GMT 2010
The only way to prevent CSRF attacks is to use one-time tokens. Catalyst::Controller::HTML::FormFu supports that already. Have a look at http://search.cpan.org/~cfranks/Catalyst-Controller-HTML-FormFu-0.06001/lib/Catalyst/Controller/HTML/FormFu.pm#request_token_enable.
Don't rely on the referrer! Some browsers and especially some browser plugins do not send the referrer for privacy reasons.
cheers,
moritz
On 21.02.2010 at 08:22, Oleg Kostyuk wrote:
> Hello Rod,
>
> As for me, the HTTP method used is part of the HTTP request, and not part of
> the form's data. And so, I don't see why FormFu should have something like
> what you want. If you use Catalyst, you could look at
> Catalyst::Action::REST.
>
> Good luck!
>
> --
> Sincerely yours,
> Oleg Kostyuk (CUB-UANIC)
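
A minimal sketch of the one-time-token check recommended in the reply above, added here as an illustration; it is not code from Catalyst::Controller::HTML::FormFu or from either poster. The function names, the `_csrf_tokens` session key and the one-hour lifetime are assumptions, and the session is modelled as a plain hash. The check never consults the Referer header, so a client that strips it is unaffected.

```perl
#!/usr/bin/env perl
# Added illustration: a single-use, session-bound CSRF token check.
# issue_token/consume_token and the session key name are hypothetical.
use strict;
use warnings;

my $TTL = 3600;    # assumed token lifetime in seconds

# 32 bytes from the OS CSPRNG, hex-encoded (Unix-like systems only).
sub random_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $got = read $fh, my $buf, 32;
    die "short read from urandom" unless defined $got && $got == 32;
    close $fh;
    return unpack 'H*', $buf;
}

# Called when the form is rendered: remember the token server-side
# and return it for embedding in a hidden form field.
sub issue_token {
    my ($session, $now) = @_;
    my $token = random_token();
    $session->{_csrf_tokens}{$token} = $now + $TTL;
    return $token;
}

# Called on submission. delete() makes the token one-time: a replayed
# or forged request finds nothing to delete and is refused.
sub consume_token {
    my ($session, $submitted, $now) = @_;
    return 0 unless defined $submitted && length $submitted;
    my $expires = delete $session->{_csrf_tokens}{$submitted};
    return 0 unless defined $expires;
    return $now <= $expires ? 1 : 0;
}

# Constructed sessions and submissions; no Referer header is involved.
my (%alice, %mallory);
my $t0    = time;
my $token = issue_token(\%alice, $t0);

printf "first submit:      %d\n", consume_token(\%alice, $token, $t0 + 5);
printf "replay:            %d\n", consume_token(\%alice, $token, $t0 + 6);
printf "no token (forged): %d\n", consume_token(\%alice, undef, $t0 + 7);
printf "other session:     %d\n", consume_token(\%alice, issue_token(\%mallory, $t0), $t0 + 8);
printf "expired:           %d\n", consume_token(\%alice, issue_token(\%alice, $t0), $t0 + $TTL + 1);
```

Only the first submission is accepted; the replayed token, the missing token, the token issued to a different session and the expired token are all refused.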