Revision history for Plack-Middleware-XSRFBlock

0.0.19    2023-07-14 10:17:10+01:00 Europe/London
    - SECURITY FIX! when *not* using signed cookies, it was possible to
      bypass XSRFBlock by POSTing an empty form value and an empty cookie
    - bump minimum perl version to 5.12, most dependencies already
      require it

0.0.18    2023-07-13 10:16:20+01:00 Europe/London
    - when invoking the `blocked` callback/app, log as `info` instead of
      `error` (@pangyre) (#27)

0.0.17    2022-10-17 10:57:09+01:00 Europe/London
    - remove internal _token_generator (wasn't documented, couldn't
      really be changed without also changing invalid_signature, and
      produced a ref loop)

0.0.16    2018-07-25 14:23:36+01:00 Europe/London
    - don't use Data::Printer (@dakkar) (#24)

0.0.15    2018-07-24 13:44:11+01:00 Europe/London
    - fix contents_to_filter_regex (@dakkar) (#23)
    - simpler non-html test (@dakkar) (#23)

0.0.14    2018-07-23 17:18:03+01:00 Europe/London
    - limit munging to appropriate content-types (@dakkar) (#22)
    - allow blocking non-POST methods (@dakkar) (#22)

0.0.13    2018-07-23 12:01:27+01:00 Europe/London
    - Replace $@ with $msg (#19)
    - Add missing use statement (#20)
    - Update Build Status icon/badge
    - Travis: add 5.26 and 5.24 as versions to test with
    - Update Dist::Zilla used in Travis

0.0.12    2017-07-13 06:35:46-04:00 America/New_York
    - Refactor internals to make extensible (PR #17)
    - dzil: use Git::Contributors instead of ContributorsFromGit (PR #18)

0.0.11    2015-09-07 16:44:57+00:00 UTC
    - Allow coderefs in token (pull-request #16)

0.0.10    2015-07-18 23:03:26+01:00 Europe/London
    - add scripts for BuildKite testing
    - dzil: Replace NoTabsTests with Test::NoTabs
    - fix #15: Use magic comment to crowbar in an essential dependency
    - add magic comments for other author dependencies that aren't
      auto-detected
    - Add *skeleton* POD for methods
      This is a shockingly lazy way for me to get my dist to pass
      Pod::Coverage tests
    - re-arrange POD in file; so method POD appears in a sensible location
    - add (markdown) section of POD for build status to show (in
      github/README.mkdn)

0.0.9     2014-10-13 10:15:38+00:00 UTC
    - Optionally allow signed cookies escape token injected into html
      (pull #14)

0.0.8     2014-09-18 08:01:40+00:00 UTC
    - Add option to set XSRF token cookie as a session cookie (pull #13)

0.0.7     2014-08-28 16:51:04+00:00 UTC
    - Set cookie once we know we have HTML (issue #12)
    - Update POD docs with inject_form_input field docs (pull #10)

0.0.6     2014-08-05 20:47:11+00:00 UTC
    - Pass app() to 'blocked' sub (pull #8)
    - Allow bypassing form input injection (pull #9)

0.0.5     2014-07-22 15:28:43+00:00 UTC
    - stop requiring end-users have Pod::Weaver::Section::Contributors
      This was a mistake with the dist.ini Prereqs on my part
      Raised by tomhukins in issue #7
      Changed BuildRequires -> DevelopRequires

0.0.4     2014-07-09 12:44:03+00:00 UTC
    - Add PSGI env to xsrf_detected arguments [mryall: pull #6]

0.0.3     2014-06-24 15:01:07+00:00 UTC
    - Prevent a warning for forms with no action [willert: pull #5]

0.0.2     2014-03-28 11:33:16+00:00 UTC
    - Add cookie_options setting [github:throughnothing]
    - add and use Dist::Zilla::Plugin::ContributorsFromGit

0.0.1     2013-10-21 15:35:10 UTC
    - Add header_name / X-* header feature
    - Add Git Commit and Push to end of dist.ini
    - Add improved 'undef' handling in some checks
    - Add POD explaining the error messages in more detail
    - Specify main_module in dist.ini

0.0.0_05  2013-06-24 00:29:09 Europe/London
    - add test(s) for 'meta_tag' option
    - add test(s) for 'blocked' option
    - add 'cookie_expiry_seconds' option
    - add documentation for 'blocked' option

0.0.0_04  2013-06-21 16:03:08 Europe/London
    - add FURTHER READING to documentation
    - add missing test module dependency

0.0.0_03  2013-06-21 15:47:42 Europe/London
    - extend and refactor tests

0.0.0_02  2013-06-21 15:07:06 Europe/London
    - fix content modification so we don't throw most of it away
    - fix broken input field
    - allow meta_tag value to be set/over-ridden
    - add 'token_per_request' feature
    - factor out some common test functions and update tests to use
      Test::XSRFBlock::Util
    - extend documentation

0.0.0_01  2013-06-20 12:00:04 Europe/London
    - Initial release