文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >如何在Dancer中使用Plack::Middleware::CSRFBlock?

如何在Dancer中使用Plack::Middleware::CSRFBlock?
EN

Stack Overflow用户
提问于 2012-10-28 20:45:46
回答 1查看 694关注 0票数 2

我想用Dancer保护所有表单不受CSRF的影响。

我尝试使用Plack::Middleware::CSRFBlock,但错误显示"CSRFBlock需要会话。“即使我使用Plack::Session,表单也没有包含一次令牌的隐藏输入字段。

有什么好的做法可以做到这一点吗?任何建议都非常感谢。

我的environment/development.yml是:

代码语言:javascript
复制
# configuration file for development environment

# the logger engine to use
# console: log messages to STDOUT (your console where you started the
#          application server)
# file:    log message to a file in log/
logger: "console"

# the log level for this environment
# core is the lowest, it shows Dancer's core log messages as well as yours
# (debug, info, warning and error)
log: "core"

# should Dancer consider warnings as critical errors?
warnings: 1

# should Dancer show a stacktrace when an error is caught?
show_errors: 1

# auto_reload is a development and experimental feature
# you should enable it by yourself if you want it
# Module::Refresh is needed 
# 
# Be aware it's unstable and may cause a memory leak.
# DO NOT EVER USE THIS FEATURE IN PRODUCTION 
# OR TINY KITTENS SHALL DIE WITH LOTS OF SUFFERING
auto_reload: 0

session: Simple
#session: YAML

plack_middlewares:
    -
        #- Session
        - CSRFBlock
        - Debug
        - panels
        -
            - Parameters
            - Dancer::Version
            - Dancer::Settings
            - Memory

路由是:

代码语言:javascript
复制
get '/test' => sub {
    return <<EOM
        <!DOCTYPE html>
        <html>
        <head><title>test route</title></head>
        <body>
            <form action="./foobar" method="post">
            <input type="text"/>
            <input type="submit"/>
            </form>
        </body>
        </html>
EOM
};
perl
csrf
dancer
plack
EN

回答 1

Stack Overflow用户

回答已采纳

发布于 2012-10-29 16:56:22

我注意到Debug面板没有显示,这意味着Plack::Middlewares::Debug没有加载。在 How to use Dancer with Plack middlewares | PerlDancer Advent Calendar Plack::Middleware::Debug::Dancer::Version的帮助下,我设法把它打开了

代码语言:javascript
复制
session: PSGI
## Dancer::Session::PSGI

plack_middlewares:
    -
        - Session
    -
        - CSRFBlock
    -
        - Debug
## panels is an argument for Debug, as in 
## enable 'Debug', panels => [ qw( Parameters Response Environment Session Timer Dancer::Logger Dancer::Settings Dancer::Version ) ];
        - panels
        -
            - Parameters
            - Response
            - Environment
            - Session
            - Timer
            - Dancer::Logger
            - Dancer::Settings
            - Dancer::Version
#Plack::Middleware::Debug::Dancer::Version
票数 4
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/13108894

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档