NAME

Plack::Middleware::BlockHeaderInjection - block header injections in responses

VERSION

version v1.0.0

SYNOPSIS

use Plack::Builder;

my $app = ...

$app = builder {
  enable 'BlockHeaderInjection',
    status => 500;
  $app;
};

DESCRIPTION

This middleware will check responses for injected headers. If the headers contain newlines, then the return code is set to 500 and the offending header(s) are removed.

A common source of header injections is when parameters are passed unchecked into a header (such as the redirection location).

An attacker can use injected headers to bypass system security, by forging a header used for security (such as a referrer or cookie).

ATTRIBUTES

<status

The status code to return if an invalid header is found. By default, this is 500.

SOURCE

The development version is on github at https://github.com/robrwo/Plack-Middleware-BlockHeaderInjection and may be cloned from git://github.com/robrwo/Plack-Middleware-BlockHeaderInjection.git

BUGS

Please report any bugs or feature requests on the bugtracker website https://github.com/robrwo/Plack-Middleware-BlockHeaderInjection/issues

When submitting a bug or request, please include a test-file or a patch to an existing test-file that illustrates the bug or desired feature.

AUTHOR

Robert Rothenberg rrwo@cpan.org

The initial development of this module was supported by Foxtons, Ltd https://www.foxtons.co.uk.

COPYRIGHT AND LICENSE

This is free software, licensed under:

The Artistic License 2.0 (GPL Compatible)

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)