./www/p5-WWW-CSRF, Generate and check tokens to protect against CSRF attacks

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.00nb9, Package name: p5-WWW-CSRF-1.00nb9, Maintainer: pkgsrc-users

This module generates tokens to help protect against a website attack
known as Cross-Site Request Forgery (CSRF, also known as XSRF). CSRF
is an attack where an attacker fools a browser into make a request to
a web server for which that browser will automatically include some
form of credentials (cookies, cached HTTP Basic authentication, etc.),
thus abusing the web server's trust in the user for malicious use.

The most common CSRF mitigation is sending a special, hard-to-guess
token with every request, and then require that any request that is
not idempotent (i.e., has side effects) must be accompanied with such
a token. This mitigation depends critically on the fact that while an
attacker can easily make the victim's browser make a request, the
browser security model (same-origin policy, or SOP for short) prevents
third-party sites from reading the results of that request.


Required to run:
[lang/perl5] [security/p5-Digest-HMAC] [security/p5-Bytes-Random-Secure]

Required to build:
[pkgtools/cwrappers]

Master sites: (Expand)

Filesize: 5.055 KB

Version history: (Expand)


CVS history: (Expand)


   2023-07-06 11:43:03 by Thomas Klausner | Files touched by this commit (2483)
Log message:
*: recursive bump for perl 5.38
   2022-06-28 13:38:00 by Thomas Klausner | Files touched by this commit (3952)
Log message:
*: recursive bump for perl 5.36
   2021-10-26 13:31:15 by Nia Alarie | Files touched by this commit (1030)
Log message:
www: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts):
www/nghttp2/distinfo

Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
   2021-10-07 17:09:00 by Nia Alarie | Files touched by this commit (1033)
Log message:
www: Remove SHA1 hashes for distfiles
   2021-05-24 21:56:06 by Thomas Klausner | Files touched by this commit (3575)
Log message:
*: recursive bump for perl 5.34
   2020-08-31 20:13:29 by Thomas Klausner | Files touched by this commit (3631)
Log message:
*: bump PKGREVISION for perl-5.32.
   2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557)
Log message:
Bump PKGREVISIONs for perl 5.30.0
   2019-06-30 22:17:50 by Nia Alarie | Files touched by this commit (1816)
Log message:
Update packages using a search.cpan.org HOMEPAGE to metacpan.org.

The former now redirects to the latter.

This covers the most simple cases where http://search.cpan.org/dist/name
can be changed to https://metacpan.org/release/name.

Reviewed by hand to hopefully make sure no unwanted changes sneak in.