# NAME Amon2::Plugin::Web::CSRFDefender - Anti CSRF filter # SYNOPSIS package MyApp::Web; use Amon2::Web; __PACKAGE__->load_plugin('Web::CSRFDefender'); # DESCRIPTION This plugin denies CSRF request. Do not use this with [HTTP::Session2](https://metacpan.org/pod/HTTP::Session2). Because [HTTP::Session2](https://metacpan.org/pod/HTTP::Session2) has XSRF token management function by itself. # METHODS - $c->get\_csrf\_defender\_token() Get a CSRF defender token. This method is useful to add token for AJAX request. - $c->validate\_csrf() You can validate CSRF token manually. # PARAMETERS - no\_validate\_hook Do not run validation automatically. - no\_html\_filter Disable HTML rewriting filter. By default, CSRFDefender inserts XSRF token for each form element. It's very useful but it hits performance issue if your site is very high traffic. - csrf\_token\_generator You can change the csrf token generation algorithm. # LICENSE Copyright (C) Tokuhiro Matsuno. This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. # AUTHOR Tokuhiro Matsuno # THANKS TO Kazuho Oku and mala for security advice. # SEE ALSO [Amon2](https://metacpan.org/pod/Amon2)