NAME

Amon2::Plugin::Web::JSON - JSON plugin

SYNOPSIS

use Amon2::Lite;

__PACKAGE__->load_plugins(qw/Web::JSON/);

get '/' => sub {
    my $c = shift;
    return $c->render_json(+{foo => 'bar'});
};

__PACKAGE__->to_app();

DESCRIPTION

This is a JSON plugin.

METHODS

$c->render_json(\%dat);: Generate JSON data from \%dat and returns instance of Plack::Response.

PARAMETERS

status_code_field

It specify the field name of JSON to be embedded in the 'X-API-Status' header. Default is undef. If you set the undef to disable this 'X-API-Status' header.

__PACKAGE__->load_plugins(
    'Web::JSON' => { status_code_field => 'status' }
);
...
$c->render_json({ status => 200, message => 'ok' })
# send response header 'X-API-Status: 200'

In general JSON API error code embed in a JSON by JSON API Response body. But can not be logging the error code of JSON for the access log of a general Web Servers. You can possible by using the 'X-API-Status' header.

canonical

If canonical parameter is true, then this plugin will output JSON objects by sorting their keys. This is adding a comparatively high overhead.

__PACKAGE__->load_plugins(
    'Web::JSON' => { canonical => 1 }
);
...
$c->render_json({ b => 1, c => 1, a => 1 });
# json response is '{ "a" : 1, "b" : 1, "c" : 1 }'

FAQ

How can I use JSONP?: You can use JSONP by using Plack::Middleware::JSONP.

JSON and security

Browse the JSON files directly.

This module escapes '<', '>', and '+' characters by "\uXXXX" form. Browser don't detects the JSON as HTML.

And also this module outputs X-Content-Type-Options: nosniff header for IEs.

It's good enough, I hope.

JSON Hijacking

Latest browsers doesn't have a JSON hijacking issue(I hope). __defineSetter__ or UTF-7 attack was resolved by browsers.

But Firefox<=3.0.x and Android phones have issue on Array constructor, see http://d.hatena.ne.jp/ockeghem/20110907/p1.

Firefox<=3.0.x was outdated. Web application developers doesn't need to add work-around for it, see http://en.wikipedia.org/wiki/Firefox#Version_release_table.

Amon2::Plugin::Web::JSON have a JSON hijacking detection feature. Amon2::Plugin::Web::JSON returns "403 Forbidden" response if following pattern request.

The request have 'Cookie' header.
The request doesn't have 'X-Requested-With' header.
The request contains /android/i string in 'User-Agent' header.
Request method is 'GET'

FAQ

HOW DO YOU CHANGE THE HTTP STATUS CODE FOR JSON?

render_json method returns instance of Plack::Response. You can modify the response object.

Here is a example code:

get '/' => sub {
    my $c = shift;
    if (-f '/tmp/maintenance') {
        my $res = $c->render_json({err => 'Under maintenance'});
        $res->status(503);
        return $res;
    }
    return $c->render_json({err => undef});
};

THANKS TO

hasegawayosuke

To install Amon2, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Amon2

CPAN shell

perl -MCPAN -e shell
install Amon2

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)