Security Advisories (8)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on an empty domain.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CVE-2020-36829 (2020-11-10)

Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts.

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

NAME

Mojo::Message::Response - HTTP response

SYNOPSIS

use Mojo::Message::Response;

# Parse
my $res = Mojo::Message::Response->new;
$res->parse("HTTP/1.0 200 OK\x0d\x0a");
$res->parse("Content-Length: 12\x0d\x0a");
$res->parse("Content-Type: text/plain\x0d\x0a\x0d\x0a");
$res->parse('Hello World!');
say $res->code;
say $res->headers->content_type;
say $res->body;

# Build
my $res = Mojo::Message::Response->new;
$res->code(200);
$res->headers->content_type('text/plain');
$res->body('Hello World!');
say $res->to_string;

DESCRIPTION

Mojo::Message::Response is a container for HTTP responses, based on RFC 7230 and RFC 7231.

EVENTS

Mojo::Message::Response inherits all events from Mojo::Message.

ATTRIBUTES

Mojo::Message::Response inherits all attributes from Mojo::Message and implements the following new ones.

code

my $code = $res->code;
$res     = $res->code(200);

HTTP response status code.

message

my $msg = $res->message;
$res    = $res->message('OK');

HTTP response status message.

METHODS

Mojo::Message::Response inherits all methods from Mojo::Message and implements the following new ones.

cookies

my $cookies = $res->cookies;
$res        = $res->cookies(Mojo::Cookie::Response->new);
$res        = $res->cookies({name => 'foo', value => 'bar'});

Access response cookies, usually Mojo::Cookie::Response objects.

# Names of all cookies
say $_->name for @{$res->cookies};
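
An added example, not part of the Mojolicious documentation: parsing a response and using cookies to report which Set-Cookie entries lack the Secure, HttpOnly or SameSite attributes. The helper name audit_cookies and the sample response are constructed for illustration; secure, httponly and samesite are Mojo::Cookie::Response attributes.

```perl
use Mojo::Base -strict;    # strict, warnings and say
use Mojo::Message::Response;

# Constructed sample response, not captured from a real server
my $raw = join "\x0d\x0a",
  'HTTP/1.1 200 OK',
  'Content-Length: 2',
  'Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax',
  'Set-Cookie: prefs=dark; Path=/; Secure',
  'Set-Cookie: tracking=xyz; Path=/',
  '', 'ok';

# Hypothetical helper: returns {cookie name => [missing attributes]}
sub audit_cookies {
  my $bytes = shift;

  my $res = Mojo::Message::Response->new->parse($bytes);

  # A truncated response could hide Set-Cookie headers, so refuse to judge it
  die "Response is incomplete, refusing to audit\n" unless $res->is_finished;

  my %findings;
  for my $cookie (@{$res->cookies}) {
    my @missing;
    push @missing, 'Secure'   unless $cookie->secure;
    push @missing, 'HttpOnly' unless $cookie->httponly;
    push @missing, 'SameSite' unless defined $cookie->samesite;
    $findings{$cookie->name} = \@missing if @missing;
  }

  return \%findings;
}

my $findings = audit_cookies($raw);
say "$_ is missing: @{$findings->{$_}}" for sort keys %$findings;
say 'All cookies carry Secure, HttpOnly and SameSite' unless %$findings;
```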

default_message

my $msg = $res->default_message;
my $msg = $res->default_message(418);

Generate default response message for status code, defaults to using "code".

extract_start_line

my $bool = $res->extract_start_line(\$str);

Extract status-line from string.

fix_headers

$res = $res->fix_headers;

Make sure response has all required headers.

get_start_line_chunk

my $bytes = $res->get_start_line_chunk($offset);

Get a chunk of status-line data starting from a specific position. Note that this method finalizes the response.

is_client_error

my $bool = $res->is_client_error;

Check if this response has a 4xx status "code".

is_empty

my $bool = $res->is_empty;

Check if this response has a 1xx, 204 or 304 status "code".

is_error

my $bool = $res->is_error;

Check if this response has a 4xx or 5xx status "code".

is_info

my $bool = $res->is_info;

Check if this response has a 1xx status "code".

is_redirect

my $bool = $res->is_redirect;

Check if this response has a 3xx status "code".

is_server_error

my $bool = $res->is_server_error;

Check if this response has a 5xx status "code".

is_success

my $bool = $res->is_success;

Check if this response has a 2xx status "code".

start_line_size

my $size = $res->start_line_size;

Size of the status-line in bytes. Note that this method finalizes the response.

SEE ALSO

Mojolicious, Mojolicious::Guides, http://mojolicious.org.