/ 
Mojolicious-3.21
⭐ Starred 2674
/ Mojolicious::Routes::Route
Security Advisories (10)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CVE-2020-36829 (2020-11-10)

Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies.  An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

NAME

Mojolicious::Routes::Route - Route

SYNOPSIS

use Mojolicious::Routes::Route;

my $r = Mojolicious::Routes::Route->new;

DESCRIPTION

Mojolicious::Routes::Route is the route container used by Mojolicious::Routes.

ATTRIBUTES

Mojolicious::Routes::Route implements the following attributes.

children

my $children = $r->children;
$r           = $r->children([Mojolicious::Routes::Route->new]);

The children of this route, used for nesting routes.

inline

my $inline = $r->inline;
$r         = $r->inline(1);

Allow bridge semantics for this route.

parent

my $parent = $r->parent;
$r         = $r->parent(Mojolicious::Routes::Route->new);

The parent of this route, used for nesting routes.

partial

my $partial = $r->partial;
$r          = $r->partial(1);

Route has no specific end, remaining characters will be captured in path.

pattern

my $pattern = $r->pattern;
$r          = $r->pattern(Mojolicious::Routes::Pattern->new);

Pattern for this route, defaults to a Mojolicious::Routes::Pattern object.

METHODS

Mojolicious::Routes::Route inherits all methods from Mojo::Base and implements the following ones.

new

my $r = Mojolicious::Routes::Route->new;
my $r = Mojolicious::Routes::Route->new('/:controller/:action');

Construct a new Mojolicious::Routes::Route object.

add_child

$r = $r->add_child(Mojolicious::Route->new);

Add a new child to this route, it will be automatically removed from its current parent if necessary.

# Reattach route
$r->add_child($r->find('foo'));

any

my $route = $r->any('/:foo' => sub {...});
my $route = $r->any([qw(GET POST)] => '/:foo' => sub {...});

Generate route matching any of the listed HTTP request methods or all. See also the Mojolicious::Lite tutorial for more argument variations.

$r->any('/user')->to('user#whatever');

bridge

my $bridge = $r->bridge;
my $bridge = $r->bridge('/:action');
my $bridge = $r->bridge('/:action', action => qr/\w+/);
my $bridge = $r->bridge(format => 0);

Generate bridge route.

my $auth = $r->bridge('/user')->to('user#auth');
$auth->get('/show')->to('#show');
$auth->post('/create')->to('#create');

delete

my $route = $r->delete('/:foo' => sub {...});

Generate route matching only DELETE requests. See also the Mojolicious::Lite tutorial for more argument variations.

$r->delete('/user')->to('user#remove');

detour

$r = $r->detour(action => 'foo');
$r = $r->detour({action => 'foo'});
$r = $r->detour('controller#action');
$r = $r->detour('controller#action', foo => 'bar');
$r = $r->detour('controller#action', {foo => 'bar'});
$r = $r->detour(Mojolicious->new);
$r = $r->detour(Mojolicious->new, foo => 'bar');
$r = $r->detour(Mojolicious->new, {foo => 'bar'});
$r = $r->detour('MyApp');
$r = $r->detour('MyApp', foo => 'bar');
$r = $r->detour('MyApp', {foo => 'bar'});

Set default parameters for this route and allow partial matching to simplify application embedding.

find

my $route = $r->find('foo');

Find child route by name, custom names have precedence over automatically generated ones.

$r->find('show_user')->to(foo => 'bar');

get

my $route = $r->get('/:foo' => sub {...});

Generate route matching only GET requests. See also the Mojolicious::Lite tutorial for more argument variations.

$r->get('/user')->to('user#show');

has_conditions

my $success = $r->has_conditions;

Check if this route has active conditions.

has_custom_name

my $success = $r->has_custom_name;

Check if this route has a custom name.

has_websocket

my $success = $r->has_websocket;

Check if this route has a WebSocket ancestor.

is_endpoint

my $success = $r->is_endpoint;

Check if this route qualifies as an endpoint.

is_websocket

my $success = $r->is_websocket;

Check if this route is a WebSocket.

name

my $name = $r->name;
$r       = $r->name('foo');

The name of this route, defaults to an automatically generated name based on the route pattern. Note that the name current is reserved for refering to the current route.

$r->get('/user')->to('user#show')->name('show_user');

options

my $route = $r->options('/:foo' => sub {...});

Generate route matching only OPTIONS requests. See also the Mojolicious::Lite tutorial for more argument variations.

$r->options('/user')->to('user#overview');

over

my $over = $r->over;
$r       = $r->over(foo => qr/\w+/);

Activate conditions for this route. Note that this automatically disables the routing cache, since conditions are too complex for caching.

$r->get('/foo')->over(host => qr/mojolicio\.us/)->to('foo#bar');

parse

$r = $r->parse('/:action');
$r = $r->parse('/:action', action => qr/\w+/);
$r = $r->parse(format => 0);

Parse a pattern.

patch

my $route = $r->patch('/:foo' => sub {...});

Generate route matching only PATCH requests. See also the Mojolicious::Lite tutorial for more argument variations.

$r->patch('/user')->to('user#update');

post

my $route = $r->post('/:foo' => sub {...});

Generate route matching only POST requests. See also the Mojolicious::Lite tutorial for more argument variations.

$r->post('/user')->to('user#create');

put

my $route = $r->put('/:foo' => sub {...});

Generate route matching only PUT requests. See also the Mojolicious::Lite tutorial for more argument variations.

$r->put('/user')->to('user#replace');

remove

$r = $r->remove;

Remove route from parent.

# Remove route completely
$r->find('foo')->remove;

# Reattach route to new parent
$r->route('/foo')->add_child($r->find('bar')->remove);

render

my $path = $r->render($suffix);
my $path = $r->render($suffix, {foo => 'bar'});

Render route with parameters into a path.

root

my $root = $r->root;

The Mojolicious::Routes object this route is an ancestor of.

$r->root->cache(0);

route

my $route = $r->route;
my $route = $r->route('/:action');
my $route = $r->route('/:action', action => qr/\w+/);
my $route = $r->route(format => 0);

Generate route matching all HTTP request methods.

to

my $defaults = $r->to;
$r           = $r->to(action => 'foo');
$r           = $r->to({action => 'foo'});
$r           = $r->to('controller#action');
$r           = $r->to('controller#action', foo => 'bar');
$r           = $r->to('controller#action', {foo => 'bar'});
$r           = $r->to(Mojolicious->new);
$r           = $r->to(Mojolicious->new, foo => 'bar');
$r           = $r->to(Mojolicious->new, {foo => 'bar'});
$r           = $r->to('MyApp');
$r           = $r->to('MyApp', foo => 'bar');
$r           = $r->to('MyApp', {foo => 'bar'});

Set default parameters for this route.

to_string

my $string = $r->to_string;

Stringify the whole route.

under

my $route = $r->under(sub {...});
my $route = $r->under('/:foo');

Generate bridge route. See also the Mojolicious::Lite tutorial for more argument variations.

my $auth = $r->under('/user')->to('user#auth');
$auth->get('/show')->to('#show');
$auth->post('/create')->to('#create');

via

my $methods = $r->via;
$r          = $r->via('GET');
$r          = $r->via(qw(GET POST));
$r          = $r->via([qw(GET POST)]);

Restrict HTTP methods this route is allowed to handle, defaults to no restrictions.

$r->route('/foo')->via(qw(GET POST))->to('foo#bar');

websocket

my $websocket = $r->websocket('/:foo' => sub {...});

Generate route matching only WebSocket handshakes. See also the Mojolicious::Lite tutorial for more argument variations.

$r->websocket('/echo')->to('example#echo');

SHORTCUTS

In addition to the attributes and methods above you can also call shortcuts on Mojolicious::Routes::Route objects.

$r->root->add_shortcut(firefox => sub {
  my ($r, $path) = @_;
  $r->get($path, agent => qr/Firefox/);
});

$r->firefox('/welcome')->to('firefox#welcome');
$r->firefox('/bye')->to('firefox#bye);

SEE ALSO

Mojolicious, Mojolicious::Guides, http://mojolicio.us.