Security Advisories (10)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on an empty domain.

CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CVE-2020-36829 (2020-11-10)

Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts.

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.
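The following added example (not code from Mojolicious or from the advisories) illustrates the two advisories above that describe a mechanism: the early-return comparison from CVE-2020-36829 next to a form whose work does not depend on the secret's length, and a startup check against the predictable secrets of CVE-2024-58134. All function names, the "value--hexmac" cookie layout and the 32-byte minimum are assumptions of this example.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Pattern from CVE-2020-36829: the early return ties the running time to
# whether the supplied length matches the secret's length.
sub leaky_compare {
  my ($secret, $input) = @_;
  return 0 if length($secret) != length($input);
  my $diff = 0;
  $diff |= ord(substr $secret, $_, 1) ^ ord(substr $input, $_, 1) for 0 .. length($secret) - 1;
  return $diff == 0 ? 1 : 0;
}

# Hardened form: the loop always runs once per input byte, and a length
# mismatch is folded into the result instead of short-circuiting.
sub constant_compare {
  my ($secret, $input) = @_;
  my $slen = length $secret;
  return 0 unless $slen;    # an empty secret never authenticates
  my $diff = $slen ^ length($input);
  $diff |= ord(substr $input, $_, 1) ^ ord(substr $secret, $_ % $slen, 1) for 0 .. length($input) - 1;
  return $diff == 0 ? 1 : 0;
}

# Startup check for CVE-2024-58134: refuse a secret that is missing, equal to
# the application's class name, or shorter than 32 bytes (assumed threshold).
sub secret_is_acceptable {
  my ($secret, $app_class) = @_;
  return 0 unless defined $secret && length($secret) >= 32;
  return $secret eq $app_class ? 0 : 1;
}

# "value--hexmac" is this example's own cookie layout, not Mojolicious's.
sub sign_value { my ($value, $secret) = @_; return "$value--" . hmac_sha256_hex($value, $secret) }

sub verify_value {
  my ($signed, $secret) = @_;
  my ($value, $mac) = $signed =~ /\A(.*)--([0-9a-f]+)\z/s or return;
  return constant_compare(hmac_sha256_hex($value, $secret), $mac) ? $value : undef;
}

# Constructed sample data
my $secret = 'constructed-sample-secret-0123456789abcdef';
my $cookie = sign_value('user=alice', $secret);
print 'class name as secret accepted: ', secret_is_acceptable('MyApp', 'MyApp'), "\n";
print 'valid cookie:    ', verify_value($cookie, $secret) // 'rejected', "\n";
print 'tampered cookie: ', verify_value('user=admin--' . ('0' x 64), $secret) // 'rejected', "\n";
```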

NAME

Mojo::Headers - Headers

SYNOPSIS

use Mojo::Headers;

my $headers = Mojo::Headers->new;
$headers->content_type('text/plain');
$headers->parse("Content-Type: text/html\n\n");

DESCRIPTION

Mojo::Headers is a container and parser for HTTP headers.

ATTRIBUTES

Mojo::Headers implements the following attributes.

max_line_size

my $size = $headers->max_line_size;
$headers = $headers->max_line_size(1024);

Maximum line size in bytes, defaults to the value of MOJO_MAX_LINE_SIZE or 10240. Note that this attribute is EXPERIMENTAL and might change without warning!

METHODS

Mojo::Headers inherits all methods from Mojo::Base and implements the following new ones.

accept

my $accept = $headers->accept;
$headers   = $headers->accept('application/json');

Shortcut for the Accept header.

accept_language

my $accept_language = $headers->accept_language;
$headers            = $headers->accept_language('de, en');

Shortcut for the Accept-Language header.

accept_ranges

my $ranges = $headers->accept_ranges;
$headers   = $headers->accept_ranges('bytes');

Shortcut for the Accept-Ranges header.

add

$headers = $headers->add('Content-Type', 'text/plain');

Add one or more header lines.

authorization

my $authorization = $headers->authorization;
$headers          = $headers->authorization('Basic Zm9vOmJhcg==');

Shortcut for the Authorization header.

cache_control

my $cache_control = $headers->cache_control;
$headers          = $headers->cache_control('max-age=1, no-cache');

Shortcut for the Cache-Control header.

clone

my $clone = $headers->clone;

Clone headers. Note that this method is EXPERIMENTAL and might change without warning!

connection

my $connection = $headers->connection;
$headers       = $headers->connection('close');

Shortcut for the Connection header.

content_disposition

my $content_disposition = $headers->content_disposition;
$headers                = $headers->content_disposition('foo');

Shortcut for the Content-Disposition header.

content_length

my $content_length = $headers->content_length;
$headers           = $headers->content_length(4000);

Shortcut for the Content-Length header.

content_range

my $range = $headers->content_range;
$headers  = $headers->content_range('bytes 2-8/100');

Shortcut for the Content-Range header.

content_transfer_encoding

my $encoding = $headers->content_transfer_encoding;
$headers     = $headers->content_transfer_encoding('foo');

Shortcut for the Content-Transfer-Encoding header.

content_type

my $content_type = $headers->content_type;
$headers         = $headers->content_type('text/plain');

Shortcut for the Content-Type header.

cookie

my $cookie = $headers->cookie;
$headers   = $headers->cookie('$Version=1; f=b; $Path=/');

Shortcut for the Cookie header.

date

my $date = $headers->date;
$headers = $headers->date('Sun, 17 Aug 2008 16:27:35 GMT');

Shortcut for the Date header.

dnt

my $dnt  = $headers->dnt;
$headers = $headers->dnt(1);

Shortcut for the DNT (Do Not Track) header. Note that this method is EXPERIMENTAL and might change without warning!

expect

my $expect = $headers->expect;
$headers   = $headers->expect('100-continue');

Shortcut for the Expect header.

expires

my $expires = $headers->expires;
$headers    = $headers->expires('Thu, 01 Dec 1994 16:00:00 GMT');

Shortcut for the Expires header.

from_hash

$headers = $headers->from_hash({'Content-Type' => 'text/html'});

Parse headers from a hash.

header

my $string = $headers->header('Content-Type');
my @lines  = $headers->header('Content-Type');
$headers   = $headers->header('Content-Type' => 'text/plain');

Get or replace the current header values.

# Multiple headers with the same name
for my $header ($headers->header('Set-Cookie')) {
  say 'Set-Cookie:';

  # Each header contains an array of lines
  for my $line (@$header) {
    say $line;
  }
}

host

my $host = $headers->host;
$headers = $headers->host('127.0.0.1');

Shortcut for the Host header.

if_modified_since

my $m    = $headers->if_modified_since;
$headers = $headers->if_modified_since('Sun, 17 Aug 2008 16:27:35 GMT');

Shortcut for the If-Modified-Since header.

is_finished

my $success = $headers->is_finished;

Check if header parser is finished.

is_limit_exceeded

my $success = $headers->is_limit_exceeded;

Check if a header has exceeded max_line_size. Note that this method is EXPERIMENTAL and might change without warning!
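As an added example (not part of the original documentation), one way to combine max_line_size, parse, is_limit_exceeded and is_finished when header data arrives in chunks. The function name, the status strings and the sample input are assumptions of this example.

```perl
use strict;
use warnings;
use Mojo::Headers;

# Feed raw header chunks to a parser capped at $max bytes per line and say
# what the caller should do next. The status strings are this example's own.
sub check_header_block {
  my ($max, @chunks) = @_;
  my $headers = Mojo::Headers->new;
  $headers->max_line_size($max);
  for my $chunk (@chunks) {
    $headers->parse($chunk);

    # Test the limit first, in case the parser also reports itself finished
    # after giving up on an oversized line.
    return ('too_large', $headers) if $headers->is_limit_exceeded;
    return ('complete',  $headers) if $headers->is_finished;
  }
  return ('incomplete', $headers);    # keep reading, ideally under a timeout
}

# Constructed sample input
my @cases = (
  ['normal request' => "Host: example.com\x0d\x0a", "Accept: */*\x0d\x0a\x0d\x0a"],
  ['oversized line' => "Host: example.com\x0d\x0a", 'X-Pad: ' . ('A' x 4096) . "\x0d\x0a\x0d\x0a"],
  ['still waiting'  => "Host: example.com\x0d\x0a"],
);
for my $case (@cases) {
  my ($label, @chunks) = @$case;
  my ($status) = check_header_block(1024, @chunks);
  print "$label: $status\n";
}
```

A caller would reject the request on too_large rather than continue buffering.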

last_modified

my $m    = $headers->last_modified;
$headers = $headers->last_modified('Sun, 17 Aug 2008 16:27:35 GMT');

Shortcut for the Last-Modified header.

leftovers

my $leftovers = $headers->leftovers;

Get leftover data from the header parser.

location

my $location = $headers->location;
$headers     = $headers->location('http://127.0.0.1/foo');

Shortcut for the Location header.

names

my $names = $headers->names;

Generate a list of all currently defined headers.

parse

$headers = $headers->parse("Content-Type: text/foo\n\n");

Parse formatted headers.

proxy_authenticate

my $authenticate = $headers->proxy_authenticate;
$headers         = $headers->proxy_authenticate('Basic "realm"');

Shortcut for the Proxy-Authenticate header.

proxy_authorization

my $proxy_authorization = $headers->proxy_authorization;
$headers = $headers->proxy_authorization('Basic Zm9vOmJhcg==');

Shortcut for the Proxy-Authorization header.

range

my $range = $headers->range;
$headers  = $headers->range('bytes=2-8');

Shortcut for the Range header.

referrer

my $referrer = $headers->referrer;
$headers     = $headers->referrer('http://mojolicio.us');

Shortcut for the Referer header. A typo in RFC 2068 resulted in Referer becoming an official header.

remove

$headers = $headers->remove('Content-Type');

Remove a header.

sec_websocket_accept

my $accept = $headers->sec_websocket_accept;
$headers   = $headers->sec_websocket_accept('s3pPLMBiTxaQ9kYGzzhZRbK+xOo=');

Shortcut for the Sec-WebSocket-Accept header.

sec_websocket_key

my $key  = $headers->sec_websocket_key;
$headers = $headers->sec_websocket_key('dGhlIHNhbXBsZSBub25jZQ==');

Shortcut for the Sec-WebSocket-Key header.

sec_websocket_origin

my $origin = $headers->sec_websocket_origin;
$headers   = $headers->sec_websocket_origin('http://example.com');

Shortcut for the Sec-WebSocket-Origin header.

sec_websocket_protocol

my $protocol = $headers->sec_websocket_protocol;
$headers     = $headers->sec_websocket_protocol('sample');

Shortcut for the Sec-WebSocket-Protocol header.

sec_websocket_version

my $version = $headers->sec_websocket_version;
$headers    = $headers->sec_websocket_version(13);

Shortcut for the Sec-WebSocket-Version header.

server

my $server = $headers->server;
$headers   = $headers->server('Mojo');

Shortcut for the Server header.

set_cookie

my $set_cookie = $headers->set_cookie;
$headers       = $headers->set_cookie('f=b; Version=1; Path=/');

Shortcut for the Set-Cookie header.

set_cookie2

my $set_cookie2 = $headers->set_cookie2;
$headers        = $headers->set_cookie2('f=b; Version=1; Path=/');

Shortcut for the Set-Cookie2 header.

status

my $status = $headers->status;
$headers   = $headers->status('200 OK');

Shortcut for the Status header.

to_hash

my $hash = $headers->to_hash;
my $hash = $headers->to_hash(arrayref => 1);

Format headers as a hash. Nested arrayrefs to represent multi-line values are optional.

to_string

my $string = $headers->to_string;

Format headers suitable for HTTP 1.1 messages.

trailer

my $trailer = $headers->trailer;
$headers    = $headers->trailer('X-Foo');

Shortcut for the Trailer header.

transfer_encoding

my $transfer_encoding = $headers->transfer_encoding;
$headers              = $headers->transfer_encoding('chunked');

Shortcut for the Transfer-Encoding header.

upgrade

my $upgrade = $headers->upgrade;
$headers    = $headers->upgrade('WebSocket');

Shortcut for the Upgrade header.

user_agent

my $user_agent = $headers->user_agent;
$headers       = $headers->user_agent('Mojo/1.0');

Shortcut for the User-Agent header.

www_authenticate

my $authenticate = $headers->www_authenticate;
$headers         = $headers->www_authenticate('Basic realm="realm"');

Shortcut for the WWW-Authenticate header.

x_forwarded_for

my $x_forwarded_for = $headers->x_forwarded_for;
$headers            = $headers->x_forwarded_for('127.0.0.1');

Shortcut for the X-Forwarded-For header.

SEE ALSO

Mojolicious, Mojolicious::Guides, http://mojolicio.us.