Security Advisories (13)
CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CVE-2010-4802 (2011-05-03)

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

CVE-2011-1841 (2011-03-10)

Mojolicious is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by link_to helper. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

CVE-2010-4803 (2011-05-03)

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.

CVE-2011-1841 (2011-05-03)

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

NAME

Mojo::Headers - Headers

SYNOPSIS

use Mojo::Headers;

my $headers = Mojo::Headers->new;
$headers->content_type('text/plain');
$headers->parse("Content-Type: text/html\n\n");
print "$headers";

DESCRIPTION

Mojo::Headers is a container and parser for HTTP headers.

ATTRIBUTES

Mojo::Headers inherits all attributes from Mojo::Stateful and implements the following new ones.

buffer

my $buffer = $headers->buffer;
$headers   = $headers->buffer(Mojo::ByteStream->new);

The buffer to use for header parsing, by default a Mojo::ByteStream object.

connection

my $connection = $headers->connection;
$headers       = $headers->connection('close');

Shortcut for the Connection header.

content_disposition

my $content_disposition = $headers->content_disposition;
$headers                = $headers->content_disposition('foo');

Shortcut for the Content-Disposition header.

content_length

my $content_length = $headers->content_length;
$headers           = $headers->content_length(4000);

Shortcut for the Content-Length header.

content_transfer_encoding

my $encoding = $headers->content_transfer_encoding;
$headers     = $headers->content_transfer_encoding('foo');

Shortcut for the Content-Transfer-Encoding header.

content_type

my $content_type = $headers->content_type;
$headers         = $headers->content_type('text/plain');

Shortcut for the Content-Type header.

cookie

my $cookie = $headers->cookie;
$headers   = $headers->cookie('$Version=1; f=b; $Path=/');

Shortcut for the Cookie header.

date

my $date = $headers->date;
$headers = $headers->date('Sun, 17 Aug 2008 16:27:35 GMT');

Shortcut for the Date header.

expect

my $expect = $headers->expect;
$headers   = $headers->expect('100-continue');

Shortcut for the Expect header.

host

my $host = $headers->host;
$headers = $headers->host('127.0.0.1');

Shortcut for the Host header.

location

my $location = $headers->location;
$headers     = $headers->location('http://127.0.0.1/foo');

Shortcut for the Location header.

origin

my $origin = $headers->origin;
$headers   = $headers->origin('http://example.com');

Shortcut for the Origin header.

proxy_authorization

my $proxy_authorization = $headers->proxy_authorization;
$headers = $headers->proxy_authorization('Basic Zm9vOmJhcg==');

Shortcut for the Proxy-Authorization header.

server

my $server = $headers->server;
$headers   = $headers->server('Mojo');

Shortcut for the Server header.

set_cookie

my $set_cookie = $headers->set_cookie;
$headers       = $headers->set_cookie('f=b; Version=1; Path=/');

Shortcut for the Set-Cookie header.

set_cookie2

my $set_cookie2 = $headers->set_cookie2;
$headers        = $headers->set_cookie2('f=b; Version=1; Path=/');

Shortcut for the Set-Cookie2 header.

status

my $status = $headers->status;
$headers   = $headers->status('200 OK');

Shortcut for the Status header.

trailer

my $trailer = $headers->trailer;
$headers    = $headers->trailer('X-Foo');

Shortcut for the Trailer header.

transfer_encoding

my $transfer_encoding = $headers->transfer_encoding;
$headers              = $headers->transfer_encoding('chunked');

Shortcut for the Transfer-Encoding header.

upgrade

my $upgrade = $headers->upgrade;
$headers    = $headers->upgrade('WebSocket');

Shortcut for the Upgrade header.

user_agent

my $user_agent = $headers->user_agent;
$headers       = $headers->user_agent('Mojo/1.0');

Shortcut for the User-Agent header.

websocket_location

my $location = $headers->websocket_location;
$headers     = $headers->websocket_location('ws://example.com/demo');

Shortcut for the WebSocket-Location header.

websocket_origin

my $origin = $headers->websocket_origin;
$headers   = $headers->websocket_origin('http://example.com');

Shortcut for the WebSocket-Origin header.

websocket_protocol

my $protocol = $headers->websocket_protocol;
$headers     = $headers->websocket_protocol('sample');

Shortcut for the WebSocket-Protocol header.

METHODS

Mojo::Headers inherits all methods from Mojo::Stateful and implements the following new ones.

add

$headers = $headers->add('Content-Type', 'text/plain');

Add one or more header lines.

to_string

build

my $string = $headers->build;
my $string = $headers->to_string;
my $string = "$headers";

Format headers suitable for HTTP 1.1 messages.

from_hash

$headers = $headers->from_hash({'Content-Type' => 'text/html'});

Parse headers from a hash.

header

my $string = $headers->header('Content-Type');
my @lines  = $headers->header('Content-Type');
$headers   = $headers->header('Content-Type' => 'text/plain');

Get or replace the current header values. Note that this method is context sensitive and will turn all header lines into a single one in scalar context.
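
The context sensitivity described above matters wherever the accessor is called inside a list, such as a hash constructor; the advisory list on this page names the same property of param as a parameter-injection risk. The following is an added example, not Mojolicious code: Demo::Headers is a hypothetical stand-in class and the X-Tag header lines are constructed sample input.

```perl
use strict;
use warnings;

# Hypothetical stand-in for a context-sensitive accessor (not Mojo::Headers).
package Demo::Headers;

sub new { return bless {lines => {}}, shift }

# Store one or more lines under a case-insensitive header name.
sub add {
    my ($self, $name, @values) = @_;
    push @{$self->{lines}{lc $name} ||= []}, @values;
    return $self;
}

# List context: one element per header line.
# Scalar context: all lines joined into a single string.
sub header {
    my ($self, $name) = @_;
    my @lines = @{$self->{lines}{lc $name} || []};
    return wantarray ? @lines : join(', ', @lines);
}

package main;

# Constructed input: the same header name sent on three separate lines.
my $headers = Demo::Headers->new;
$headers->add('X-Tag', 'alpha');
$headers->add('X-Tag', 'role');
$headers->add('X-Tag', 'admin');

# A hash constructor imposes list context, so every header line becomes
# its own list element and the extra lines are read as a key/value pair.
my %unsafe = (role => 'guest', tag => $headers->header('X-Tag'));

# Forcing scalar context keeps the header a single value.
my %safe = (role => 'guest', tag => scalar $headers->header('X-Tag'));

printf "list context:   role=%s tag=%s\n", $unsafe{role}, $unsafe{tag};
printf "scalar context: role=%s tag=%s\n", $safe{role},   $safe{tag};
```

Reviewing call sites for context-sensitive accessors used inside hash constructors or argument lists, and wrapping them in scalar, removes this failure mode.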

names

my $names = $headers->names;

Generate a list of all currently defined headers.

parse

my $success = $headers->parse("Content-Type: text/foo\n\n");

Parse formatted headers.

remove

$headers = $headers->remove('Content-Type');

Remove a header.

to_hash

my $hash = $headers->to_hash;
my $hash = $headers->to_hash(arrayref => 1);

Format headers as a hash. Nested arrayrefs to represent multi-line values are optional.

SEE ALSO

Mojolicious, Mojolicious::Book, http://mojolicious.org.