The only way to prevent CSRF attacks is to use one-time tokens. Catalyst::Controller::HTML::FormFu supports that already. Have a look at http://search.cpan.org/~cfranks/Catalyst-Controller-HTML-FormFu-0.06001/lib/Catalyst/Controller/HTML/FormFu.pm#request_token_enable.
Don't rely on the referrer! Some browsers and especially some browser plugins do not send the referrer for privacy reasons.

cheers,
moritz

On 21.02.2010 at 08:22, Oleg Kostyuk wrote:

> Hello Rod,
>
> As for me, the HTTP method used is part of the HTTP request, and not part of
> the form's data. And so, I don't see why FormFu should have something like
> you want. If you use Catalyst, you could look at
> Catalyst::Action::REST.
>
> Good luck!
>
> --
> Sincerely yours,
> Oleg Kostyuk (CUB-UANIC)
>
> _______________________________________________
> HTML-FormFu mailing list
> [email protected]
> http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/html-formfu
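
The one-time-token approach recommended in the reply above, as an added illustration; it is not code from the thread or from Catalyst::Controller::HTML::FormFu. The helper names (`new_token`, `issue_token`, `consume_token`), the `csrf_tokens` session key and the plain hash standing in for the server-side session are all assumptions.

```perl
#!/usr/bin/env perl
# Added illustration: session-bound one-time form tokens (not FormFu's code).
use strict;
use warnings;

# Hypothetical helper: 16 random bytes from the OS, hex-encoded.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die "short read from urandom";
    close $fh;
    return unpack 'H*', $buf;
}

# Store a fresh token with its expiry in the session and return it
# for embedding in a hidden form field.
sub issue_token {
    my ($session, $ttl) = @_;
    my $token = new_token();
    $session->{csrf_tokens}{$token} = time + $ttl;
    return $token;
}

# Accept a submitted token at most once, and only before it expires.
# The Referer header is never consulted.
sub consume_token {
    my ($session, $submitted) = @_;
    return 0 unless defined $submitted && $submitted =~ /\A[0-9a-f]{32}\z/;
    # delete() makes the token single-use: a replay finds nothing.
    my $expires = delete $session->{csrf_tokens}{$submitted};
    return 0 unless defined $expires;
    return $expires >= time ? 1 : 0;
}

# Constructed demo: a plain hash stands in for the server-side session.
my %session;
my $token = issue_token(\%session, 600);

print "legitimate submit: ", consume_token(\%session, $token), "\n";
print "replayed submit:   ", consume_token(\%session, $token), "\n";
print "missing token:     ", consume_token(\%session, undef), "\n";
print "guessed token:     ", consume_token(\%session, '0' x 32), "\n";

my $stale = issue_token(\%session, -1);    # constructed: already expired
print "expired token:     ", consume_token(\%session, $stale), "\n";
```

Only the first submission is accepted; a request sent from another site has no way to read the token stored in the victim's session, so it falls into the missing or guessed case.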
