Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/robrwo/plack-middleware-blockheaderinjection
Plack middleware to block header injections
https://github.com/robrwo/plack-middleware-blockheaderinjection
Last synced: 11 days ago
JSON representation
Plack middleware to block header injections
- Host: GitHub
- URL: https://github.com/robrwo/plack-middleware-blockheaderinjection
- Owner: robrwo
- Created: 2014-06-26T20:26:47.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2023-06-19T08:41:32.000Z (over 1 year ago)
- Last Synced: 2024-10-11T21:56:27.526Z (about 1 month ago)
- Language: Perl
- Size: 32.2 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: Changes
Awesome Lists containing this project
README
# NAME
Plack::Middleware::BlockHeaderInjection - block header injections in responses
# VERSION
version v1.1.1
# SYNOPSIS
```perl
use Plack::Builder;
my $app = ...
$app = builder {
enable 'BlockHeaderInjection',
status => 500;
$app;
};
```
# DESCRIPTION
This middleware will check responses for injected headers. If the
headers contain newlines, then the return code is set to `500` and
the offending header(s) are removed.
A common source of header injections is when parameters are passed
unchecked into a header (such as the redirection location).
An attacker can use injected headers to bypass system security, by
forging a header used for security (such as a referrer or cookie).
# ATTRIBUTES
## <status
The status code to return if an invalid header is found. By default,
this is `500`.
# SUPPORT FOR OLDER PERL VERSIONS
Since v1.1.0, this module requires Perl v5.12 or later.
Future releases may only support Perl versions released in the last ten years.
If you need this module on Perl v5.8, please use one of the v1.0.x versions of this module. Signficant bug or security
fixes may be backported to those versions.
# SEE ALSO
[https://en.wikipedia.org/wiki/HTTP\_header\_injection](https://en.wikipedia.org/wiki/HTTP_header_injection)
# SOURCE
The development version is on github at [https://github.com/robrwo/Plack-Middleware-BlockHeaderInjection](https://github.com/robrwo/Plack-Middleware-BlockHeaderInjection)
and may be cloned from [git://github.com/robrwo/Plack-Middleware-BlockHeaderInjection.git](git://github.com/robrwo/Plack-Middleware-BlockHeaderInjection.git)
# BUGS
Please report any bugs or feature requests on the bugtracker website
[https://github.com/robrwo/Plack-Middleware-BlockHeaderInjection/issues](https://github.com/robrwo/Plack-Middleware-BlockHeaderInjection/issues)
When submitting a bug or request, please include a test-file or a
patch to an existing test-file that illustrates the bug or desired
feature.
# AUTHOR
Robert Rothenberg
The initial development of this module was supported by
Foxtons, Ltd [https://www.foxtons.co.uk](https://www.foxtons.co.uk).
# COPYRIGHT AND LICENSE
This software is Copyright (c) 2014,2020,2023 by Robert Rothenberg.
This is free software, licensed under:
```
The Artistic License 2.0 (GPL Compatible)
```