NAME
    CGI::Application::Plugin::ProtectCSRF - Plug-in for protection against CSRF

VERSION
    0.02

SYNOPSIS
      package Your::App;
      use base qw(CGI::Application);
      use CGI::Application::Plugin::Session; # required
      use CGI::Application::Plugin::ProtectCSRF;

DESCRIPTION
    CGI::Application::Plugin::ProtectCSRF is a CGI::Application plug-in
    (C::A::P) that protects an application from CSRF.

    When CSRF is detected, 403 Forbidden is returned and processing is
    interrupted.

METHOD
  add_postonly_runmodes
    Runmodes registered with add_postonly_runmodes return "Forbidden" for
    any request other than a POST request.

    Example :

      sub setup { # or cgiapp_init

         my $self = shift;
         ....
         # When requests other than POST come to mode1, mode2, and mode3, Forbidden is 
         # returned.
         $self->add_postonly_runmodes(qw(mode1 mode2 mode3));
      }

  delete_postonly_runmodes
    Call this to cancel the restriction on runmodes that were set with
    add_postonly_runmodes.

    Example :

      $self->delete_postonly_runmodes(qw(mode1 mode2 mode3));

  clear_csrfid
    Clears the csrfid. It is preferable to call it after processing ends.

    Input screen => confirmation screen => completion screen(here!!)

    Example :

      sub input {
        my $self = shift;
        ....
      }
  
      sub confirm {
        my $self = shift;
        ....
      }

      sub complete {
        my $self = shift;
        # ... processing starts here (DB insert, etc.) ...
        $self->clear_csrfid;
        ....
      }
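
    The behaviour this page describes (POST-only runmodes, a csrfid held in the session and cleared on the completion screen) is shown below as a stand-alone script. It is an added example, not the plugin's source: new_csrfid, same_token, check_request and the %session hash are hypothetical names, and the token scheme is an assumption about how such a check is commonly built.

```perl
#!/usr/bin/perl
# Added illustration: session-bound one-time CSRF token (not the plugin's code).
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Hypothetical helper: 32 random bytes from the OS, hashed to a hex string.
sub new_csrfid {
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open urandom: $!";
    read($fh, my $bytes, 32) == 32 or die "short read from urandom";
    close $fh;
    return sha256_hex($bytes);
}

# Compare two tokens without stopping at the first differing character.
sub same_token {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Returns the HTTP status for a request to a protected runmode.
# %$session stands in for the server-side session store (assumption).
sub check_request {
    my ($session, $method, $submitted) = @_;
    return 403 unless uc($method // '') eq 'POST';            # POST-only runmode
    return 403 unless same_token($session->{csrfid}, $submitted);
    return 200;
}

# Constructed walk-through: input => confirmation => completion.
my %session;
$session{csrfid} = new_csrfid();     # input screen: issue the token
my $form_token   = $session{csrfid}; # value carried in a hidden form field

printf "GET  with token : %d\n", check_request(\%session, 'GET',  $form_token);
printf "POST no token   : %d\n", check_request(\%session, 'POST', undef);
printf "POST bad token  : %d\n", check_request(\%session, 'POST', '0' x 64);
printf "POST good token : %d\n", check_request(\%session, 'POST', $form_token);

delete $session{csrfid};             # completion screen: clear the csrfid
printf "POST replayed   : %d\n", check_request(\%session, 'POST', $form_token);
```

    Only the POST carrying the token stored in the session is accepted; once the csrfid has been cleared, resubmitting the same form is rejected.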

  is_post_request
    Checks the request method. If the request method is POST, 1 is returned.

    Example :

      my $post_flag;
      if($self->is_post_request){
         # $self->query->request_method or $ENV{REQUEST_METHOD} is POST
      }else{
         # not POST
      }

CAUTION
    This plug-in provides only basic CSRF protection. Please implement
    other security checks in the application itself.

SEE ALSO
    Carp, CGI::Application, CGI::Application::Plugin::Session, Exporter,
    Digest::SHA1, HTML::TokeParser, List::Util

AUTHOR
    Akira Horimoto <kurt0027@gmail.com>

COPYRIGHT
    Copyright (C) 2006 Akira Horimoto

    This module is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself.