On 29 Mar 2010, at 10:12, Jon mailinglists wrote:
That's why I was talking auth tokens or some other means of
protection.
I guess so, given that auth tokens are an XSRF protection really :)
I suppose more people have thought of that, and this isn't really
Catalyst specific but very
Sounds like you want Catalyst::Action::Serialize.
--
Best regards, Alex
Am Freitag, den 26.03.2010, 10:43 +0100 schrieb Jon mailinglists:
Hi all,
I'm making a small catalyst application and I want to be able to serve
different types of content based on parameters and/or request headers.
I'm
On Mon, Mar 29, 2010 at 12:13 AM, Tomas Doran bobtf...@bobtfish.net wrote:
On 28 Mar 2010, at 15:12, Jon mailinglists wrote:
I then login to my application in one tab, and in another tab access
this js/html. That will give back the data about me since I've got a
valid session which gets sent
On Mon, Mar 29, 2010 at 2:12 AM, Jon mailinglists jon.ml...@gmail.com wrote:
It seems like it is. I just stumbled upon this when checking out YUI
3, and had managed to stay oblivious to this problem before. I then
went on with checking if one could make an attack that way and got a
bit scared
Hi
Top posting, don't rip my head off.
I'll try explaining a bit better. English isn't my first language and
it can be a bit hard explaining too abstract things sometimes. So a
more hands on try coming up:
In my catalyst app I have this sub (not really, but this makes things
easier to follow):
On Sun, Mar 28, 2010 at 7:12 AM, Jon mailinglists jon.ml...@gmail.com wrote:
In my catalyst app I have this sub (not really, but this makes things
easier to follow):
sub get_info : Local {
my ($self, $c) = @_;
my $info = $c->user->member_info;
my $res =
On 28 Mar 2010, at 15:12, Jon mailinglists wrote:
I then login to my application in one tab, and in another tab access
this js/html. That will give back the data about me since I've got a
valid session which gets sent to my catalyst server. That means
evilempire.com has access to my logged in
On 28 Mar 2010, at 22:41, Bill Moseley wrote:
Hopefully, that's clear -- and correct. ;)
Yes, I think so - in the reply I just sent to the list to this thread
I had entirely neglected to notice that the main issue is the JSONP
thing, rather than the general case of XSRF.
Not to say that
On Sun, Mar 28, 2010 at 3:13 PM, Tomas Doran bobtf...@bobtfish.net wrote:
Speaking of XSRF:
It would be possible to parse the HTML your app output, add an extra hidden
field to any forms you had generated in the page, and then look for a
previously generated token and redirect / refuse the
On 29 Mar 2010, at 01:06, Bill Moseley wrote:
I do this -- every POST must include token, and the token can only
be used once. That means the form must be fetched before being
posted (to generate the token).
Have anything generic you'd care to share? :)
However this would
On Sun, Mar 28, 2010 at 6:05 PM, Tomas Doran bobtf...@bobtfish.net wrote:
On 29 Mar 2010, at 01:06, Bill Moseley wrote:
I do this -- every POST must include token, and the token can only be used
once. That means the form must be fetched before being posted (to
generate the token).
Hi all,
I'm making a small catalyst application and I want to be able to serve
different types of content based on parameters and/or request headers.
I'm curious about where the correct location for that kind of code
is, my current solution is in the Root end like this:
sub end :
Jon mailinglists wrote:
Hi all,
I'm making a small catalyst application and I want to be able to serve
different types of content based on parameters and/or request headers.
I'm curious about where the correct location for that kind of code
is, my current solution is in the Root end like this:
On Fri, Mar 26, 2010 at 5:50 AM, Tomas Doran bobtf...@bobtfish.net wrote:
The controller asks the model for some data, and then chooses how to
present that data (whilst the view actually handles the presentation
details).
That means the controllers have to be aware of the view. That is, the
From: Bill Moseley mose...@hank.org
To: The elegant MVC web framework catalyst@lists.scsys.co.uk
Sent: Fri, March 26, 2010 9:15:47 AM
Subject: Re: [Catalyst] Picking template type based on input
On Fri, Mar 26, 2010 at 5:50 AM, Tomas Doran bobtf...@bobtfish.net wrote:
The controller asks
On Fri, Mar 26, 2010 at 1:50 PM, Tomas Doran bobtf...@bobtfish.net wrote:
Jon mailinglists wrote:
Hi all,
[snip]
How is generating JSON in template toolkit not 100% insane?
Please use something like Catalyst::View::JSON instead?
To be honest I haven't tried it but seeing you're involved
On Fri, Mar 26, 2010 at 9:31 AM, Jon mailinglists jon.ml...@gmail.com wrote:
On Fri, Mar 26, 2010 at 1:50 PM, Tomas Doran bobtf...@bobtfish.net wrote:
Jon mailinglists wrote:
Hi all,
[snip]
How is generating JSON in template toolkit not 100% insane?
Please use something like
On Fri, Mar 26, 2010 at 6:03 PM, J. Shirley jshir...@gmail.com wrote:
On Fri, Mar 26, 2010 at 9:31 AM, Jon mailinglists jon.ml...@gmail.com wrote:
On Fri, Mar 26, 2010 at 1:50 PM, Tomas Doran bobtf...@bobtfish.net wrote:
Jon mailinglists wrote:
Hi all,
[snip]
How is generating JSON in
18 matches