Security Advisories (2)
CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CVE-2024-58135 (2025-05-03)

Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.
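
A defensive check for the two advisories above, as an added example that is not part of the Mojolicious documentation: it flags session secrets equal to the application's moniker or class name, or shorter than an assumed minimum length, and replaces them with output from /dev/urandom. The helper names strong_secret and weak_secrets and the MIN_LENGTH threshold are assumptions of this example.

```perl
#!/usr/bin/env perl
use Mojo::Base -strict, -signatures;
use Mojolicious;

# Assumed minimum passphrase length (this example's choice, not a Mojolicious rule)
use constant MIN_LENGTH => 32;

# Return $bytes of kernel CSPRNG output as a hex string; rand() is not
# suitable for generating secrets
sub strong_secret ($bytes = 32) {
  open my $fh, '<:raw', '/dev/urandom' or die "Cannot open /dev/urandom: $!";
  my $buf = '';
  my $got = read $fh, $buf, $bytes;
  close $fh;
  die "Short read from /dev/urandom\n" unless defined $got && $got == $bytes;
  return unpack 'H*', $buf;
}

# List configured secrets that are predictable (moniker or class name) or
# too short. A secret written by "mojo generate app" on an affected version
# is not detected by this check and should be replaced regardless.
sub weak_secrets ($app) {
  my %predictable = map { ($_ => 1) } $app->moniker, ref $app;
  return grep { $predictable{$_} || length($_) < MIN_LENGTH } @{$app->secrets};
}

# No secrets are configured here, so the library default applies
my $app = Mojolicious->new;

if (my @weak = weak_secrets($app)) {
  warn scalar(@weak) . " weak session secret(s) found, replacing\n";

  # Every entry in the list is accepted when verifying a signature, so a
  # weak value must be dropped, not kept as an older rotation entry
  $app->secrets([strong_secret()]);
}

die "Session secrets are still weak\n" if weak_secrets($app);
say 'Session secrets OK';
```

In a deployment the generated value has to be created once, stored with restricted permissions and loaded on every start; generating a new one per process start invalidates existing sessions.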

NAME

Mojo::Transaction::HTTP - HTTP transaction

SYNOPSIS

use Mojo::Transaction::HTTP;

# Client
my $tx = Mojo::Transaction::HTTP->new;
$tx->req->method('GET');
$tx->req->url->parse('http://example.com');
$tx->req->headers->accept('application/json');
say $tx->res->code;
say $tx->res->headers->content_type;
say $tx->res->body;
say $tx->remote_address;

# Server
my $tx = Mojo::Transaction::HTTP->new;
say $tx->req->method;
say $tx->req->url->to_abs;
say $tx->req->headers->accept;
say $tx->remote_address;
$tx->res->code(200);
$tx->res->headers->content_type('text/plain');
$tx->res->body('Hello World!');

DESCRIPTION

Mojo::Transaction::HTTP is a container for HTTP transactions, based on RFC 7230 and RFC 7231.

EVENTS

Mojo::Transaction::HTTP inherits all events from Mojo::Transaction and can emit the following new ones.

request

$tx->on(request => sub ($tx) {...});

Emitted when a request is ready and needs to be handled.

$tx->on(request => sub ($tx) {
  $tx->res->headers->header('X-Bender' => 'Bite my shiny metal ass!');
});

resume

$tx->on(resume => sub ($tx) {...});

Emitted when transaction is resumed.

unexpected

$tx->on(unexpected => sub ($tx, $res) {...});

Emitted for unexpected 1xx responses that will be ignored.

$tx->on(unexpected => sub ($tx) {
  $tx->res->on(finish => sub { say 'Follow-up response is finished.' });
});

ATTRIBUTES

Mojo::Transaction::HTTP inherits all attributes from Mojo::Transaction and implements the following new ones.

previous

my $previous = $tx->previous;
$tx          = $tx->previous(Mojo::Transaction::HTTP->new);

Previous transaction that triggered this follow-up transaction, usually a Mojo::Transaction::HTTP object.

# Paths of previous requests
say $tx->previous->previous->req->url->path;
say $tx->previous->req->url->path;

METHODS

Mojo::Transaction::HTTP inherits all methods from Mojo::Transaction and implements the following new ones.

client_read

$tx->client_read($bytes);

Read data client-side, used to implement user agents such as Mojo::UserAgent.

client_write

my $bytes = $tx->client_write;

Write data client-side, used to implement user agents such as Mojo::UserAgent.

is_empty

my $bool = $tx->is_empty;

Check transaction for HEAD request and 1xx, 204 or 304 response.

keep_alive

my $bool = $tx->keep_alive;

Check if connection can be kept alive.

redirects

my $redirects = $tx->redirects;

Return an array reference with all previous transactions that preceded this follow-up transaction.

# Paths of all previous requests
say $_->req->url->path for @{$tx->redirects};

resume

$tx = $tx->resume;

Resume transaction.

server_read

$tx->server_read($bytes);

Read data server-side, used to implement web servers such as Mojo::Server::Daemon.

server_write

my $bytes = $tx->server_write;

Write data server-side, used to implement web servers such as Mojo::Server::Daemon.

SEE ALSO

Mojolicious, Mojolicious::Guides, https://mojolicious.org.