Security Advisories (2)

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CVE-2024-58135 (2025-05-03)

Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

NAME

Mojolicious::Types - MIME types

SYNOPSIS

use Mojolicious::Types;

my $types = Mojolicious::Types->new;
$types->type(foo => 'text/foo');
say $types->type('foo');

DESCRIPTION

Mojolicious::Types manages MIME types for Mojolicious.

appcache -> text/cache-manifest
atom     -> application/atom+xml
bin      -> application/octet-stream
css      -> text/css
gif      -> image/gif
gz       -> application/x-gzip
htm      -> text/html
html     -> text/html;charset=UTF-8
ico      -> image/x-icon
jpeg     -> image/jpeg
jpg      -> image/jpeg
js       -> application/javascript
json     -> application/json;charset=UTF-8
mp3      -> audio/mpeg
mp4      -> video/mp4
ogg      -> audio/ogg
ogv      -> video/ogg
pdf      -> application/pdf
png      -> image/png
rss      -> application/rss+xml
sse      -> text/event-stream
svg      -> image/svg+xml
ttf      -> font/ttf
txt      -> text/plain;charset=UTF-8
webm     -> video/webm
woff     -> font/woff
woff2    -> font/woff2
xml      -> application/xml,text/xml
zip      -> application/zip

The most common ones are already defined.

ATTRIBUTES

Mojolicious::Types implements the following attributes.

mapping

my $mapping = $types->mapping;
$types      = $types->mapping({png => ['image/png']});

MIME type mapping.

METHODS

Mojolicious::Types inherits all methods from Mojo::Base and implements the following new ones.

content_type

$types->content_type(Mojolicious::Controller->new, {ext => 'json'});

Detect MIME type for Mojolicious::Controller object unless a Content-Type response header has already been set, defaults to using application/octet-stream if no better alternative could be found. These options are currently available:

ext

ext => 'json'

File extension to get MIME type for.

file

file => 'foo/bar.png'

File path to get MIME type for.

detect

my $exts = $types->detect('text/html, application/json;q=9');

Detect file extensions from Accept header value.

# List detected extensions prioritized
say for @{$types->detect('application/json, text/xml;q=0.1', 1)};

file_type

my $type = $types->file_type('foo/bar.png');

Get MIME type for file path.

type

my $type = $types->type('png');
$types   = $types->type(png => 'image/png');
$types   = $types->type(json => ['application/json', 'text/x-json']);

Get or set MIME types for file extension, alternatives are only used for detection.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)