Using Plack::Middleware::CSRFBlock and jQuery to deal with Cross Site Request Forgery

At $work, our flagship application was recently audited for potential security issues. One of the items which raised a red flag was the fact that we weren’t dealing with the threat of CSRF (Cross Site Request Forgery). The solution which we decided to implement was to add a CSRF token to all POST requests. This token should only be known to the app and the end user. Passing it along with a POST request gives some measure of assurance that a POST by the user is intentional and so can help to reduce the risk of CSRF.

Using Plack to Like a Module on Facebook

We’ve made a couple of fun changes to cpan-mangler. First off, you can now “like” modules on Facebook: Now, up and downvoting of modules would be a lot more useful, but this can be fun (and confusing for your friends): Secondly, Lee Aylward added support for HTML::Highlighter: Thirdly, we’ve added a tweaked version of Jesse Thompson’s CPAN Dependents Greasemonkey script. If you’ve already got cpan-mangler installed, a “git pull” should get you going (you’ll likely need to install some additional modules).

Mangling CPAN with Plack::App::Proxy

If you want syntax highlighting when viewing docs and source at, you don’t actually need to use Greasemonkey. You can do it with Plack and be up and running in just a few minutes. Last night I gave a lightning talk about this at and I’ve just posted the slides. Basically, all you need to do is this: git clone git clone cpanm Plack Plack::App::Proxy Plack::Handler::Twiggy