NAME Plack::Middleware::RefererCheck - check referer for defensive CSRF attack. SYNOPSIS use Plack::Builder; builder { enable 'RefererCheck', host => 'www.example.com', same_scheme => 1, error_app => sub { [403, [], ['Forbidden']] }; $app; }; or more simply(host from $env->{HTTP_HOST} and same_scheme => 0) # this is vulnerabilly for DNS Rebinding builder { enable 'RefererCheck'; $app; }; DESCRIPTION Plack::Middleware::RefererCheck CONFIGURATION host Instead of using $env->{HTTP_HOST} if you set. same_scheme Check if you are setting "1" the same scheme.default: "0" error_app Is an PSGI-app that runs on errors.default: return 403 Forbidden app. AUTHOR Masahiro Chiba LICENSE This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. SEE ALSO Plack::Middleware Plack::Builder