Using Plack::Middleware::CSRFBlock and jQuery to deal with Cross Site Request Forgery

At $work, our flagship application was recently audited for potential security issues. One of the items which raised a red flag was the fact that we weren’t dealing with the threat of CSRF (Cross Site Request Forgery). The solution which we decided to implement was to add a CSRF token to all POST requests. This token should only be known to the app and the end user. Passing it along with a POST request gives some measure of assurance that a POST by the user is intentional and so can help to reduce the risk of CSRF.

Using Plack to Like a Module on Facebook

We've made a couple of fun changes to cpan-mangler. First off, you can now "like" modules on Facebook. Now, up and downvoting of modules would be a lot more useful, but this can be fun (and confusing for your friends). Secondly, Lee Aylward added support for HTML::Highlighter:

Mangling CPAN with Plack::App::Proxy

If you want syntax highlighting when viewing docs and source at, you don’t actually need to use Greasemonkey. You can do it with Plack and be up and running in just a few minutes. Last night I gave a lightning talk about this at and I’ve just posted the slides. Basically, all you need to do is this: git clone git clone cpanm Plack Plack::App::Proxy Plack::Handler::Twiggy