Security Advisories (2)
CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CVE-2024-58135 (2025-05-03)

Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

NAME

Mojo::Message::Response - HTTP response

SYNOPSIS

use Mojo::Message::Response;

# Parse
my $res = Mojo::Message::Response->new;
$res->parse("HTTP/1.0 200 OK\x0d\x0a");
$res->parse("Content-Length: 12\x0d\x0a");
$res->parse("Content-Type: text/plain\x0d\x0a\x0d\x0a");
$res->parse('Hello World!');
say $res->code;
say $res->headers->content_type;
say $res->body;

# Build
my $res = Mojo::Message::Response->new;
$res->code(200);
$res->headers->content_type('text/plain');
$res->body('Hello World!');
say $res->to_string;

DESCRIPTION

Mojo::Message::Response is a container for HTTP responses, based on RFC 7230 and RFC 7231.

EVENTS

Mojo::Message::Response inherits all events from Mojo::Message.

ATTRIBUTES

Mojo::Message::Response inherits all attributes from Mojo::Message and implements the following new ones.

code

my $code = $res->code;
$res     = $res->code(200);

HTTP response status code.

max_message_size

my $size = $res->max_message_size;
$res     = $res->max_message_size(1024);

Maximum message size in bytes, defaults to the value of the MOJO_MAX_MESSAGE_SIZE environment variable or 2147483648 (2GiB). Setting the value to 0 will allow messages of indefinite size.
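
The following is an added example, not part of the Mojolicious documentation, showing how the limit behaves when a response arrives in chunks. It assumes the is_limit_exceeded and error methods inherited from Mojo::Message; the sample bytes, the limits and the helper name parse_with_limit are constructed for illustration.

```perl
use Mojo::Base -strict;
use Mojo::Message::Response;

# Constructed sample response: status-line, headers and a 64-byte body,
# split into chunks the way a client would read them off a socket
my $head   = "HTTP/1.1 200 OK\x0d\x0aContent-Length: 64\x0d\x0a\x0d\x0a";
my @sample = ($head, ('A' x 16) x 4);

# Hypothetical helper: parse chunk by chunk and stop feeding data as
# soon as the parser reports that a limit was exceeded
sub parse_with_limit {
  my ($limit, @parts) = @_;
  my $res = Mojo::Message::Response->new;
  $res->max_message_size($limit);
  my $fed = 0;
  for my $part (@parts) {
    $res->parse($part);
    $fed += length $part;
    last if $res->is_limit_exceeded;
  }
  return ($res, $fed);
}

# The limit counts every byte parsed (status-line and headers included),
# not just the body; 0 disables the check entirely
for my $limit (48, 1024, 0) {
  my ($res, $fed) = parse_with_limit($limit, @sample);
  if ($res->is_limit_exceeded) {
    say "limit $limit: rejected after $fed bytes: ", $res->error->{message};
  }
  else {
    say "limit $limit: accepted, body is ", length($res->body), " bytes";
  }
}
```

When parsing responses from untrusted servers, set an explicit limit sized to the largest response you expect instead of relying on the 2GiB default or disabling the check with 0.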

message

my $msg = $res->message;
$res    = $res->message('OK');

HTTP response status message.

METHODS

Mojo::Message::Response inherits all methods from Mojo::Message and implements the following new ones.

cookies

my $cookies = $res->cookies;
$res        = $res->cookies(Mojo::Cookie::Response->new);
$res        = $res->cookies({name => 'foo', value => 'bar'});

Access response cookies, usually Mojo::Cookie::Response objects.

# Names of all cookies
say $_->name for @{$res->cookies};

default_message

my $msg = $res->default_message;
my $msg = $res->default_message(418);

Generate default response message for status code, defaults to using "code".

extract_start_line

my $bool = $res->extract_start_line(\$str);

Extract status-line from string.

fix_headers

$res = $res->fix_headers;

Make sure response has all required headers.

get_start_line_chunk

my $bytes = $res->get_start_line_chunk($offset);

Get a chunk of status-line data starting from a specific position. Note that this method finalizes the response.

is_client_error

my $bool = $res->is_client_error;

Check if this response has a 4xx status "code".

is_empty

my $bool = $res->is_empty;

Check if this response has a 1xx, 204 or 304 status "code".

is_error

my $bool = $res->is_error;

Check if this response has a 4xx or 5xx status "code".

is_info

my $bool = $res->is_info;

Check if this response has a 1xx status "code".

is_redirect

my $bool = $res->is_redirect;

Check if this response has a 3xx status "code".

is_server_error

my $bool = $res->is_server_error;

Check if this response has a 5xx status "code".

is_success

my $bool = $res->is_success;

Check if this response has a 2xx status "code".

start_line_size

my $size = $res->start_line_size;

Size of the status-line in bytes. Note that this method finalizes the response.

SEE ALSO

Mojolicious, Mojolicious::Guides, https://mojolicious.org.