App-CamelPKI
view release on metacpan or search on metacpan
lib/App/CamelPKI/Action/JSON.pm view on Meta::CPAN
The L<App::CamelPKI::View::JSON> view is selected;
=item *
If an error is raised, it is served in C<text/plain> instead of HTML
(see L<App::CamelPKI/end>);
=item *
The I<cross-site request forgery> attack
(<http://en.wikipedia.org/wiki/JSON#Security_issues>) is blocked.
=back
=head2 How to call a JSON view to do JSON-RPC
Set the C<Accept> header to a value containing the substring
C<application/json>, lest the request be rejected. This is to thwart
the I<cross-site request forgery> attack, by ensuring that the deputy
is not confused (that is, that the browser actually was aware that it
was invoking a JSON resource).
lib/App/CamelPKI/CADB.pm view on Meta::CPAN
my $base = open_db;
COMMIT: for my $i (1..$numcommits) {
my $done = try {
for my $j (1..$numincs) {
$fd->print($base->next_serial("zoinx") . "\n");
}
$base->commit;
1;
} catch Error with {
my $E = shift;
die($E) unless ($E =~ m/database is locked/i);
select(undef, undef, undef, rand);
$base = open_db;
0;
};
# If we got a serial with ->next_serial, the test as now
# written makes it mandatory that we succeed to commit
# later. It's not strictly needed if the caller knows how to
# do a two-phase commit, but we err on the safe side.
redo COMMIT if ! $done;
}
lib/App/CamelPKI/RestrictedClassMethod.pm view on Meta::CPAN
$self->lockdown();
$self->{grabbed}++;
return $self;
}
=head2 fake_grab($classname)
Returns an object of class
L</App::CamelPKI::RestrictedClassMethod::FakeBrand>. Unlike the real
L</grab>, a C<fake_grab()> has no security consequences: restricted
methods are not locked down (see L</lockdown>), and C<fake_grab()> may
succeed several times for the same $classname.
=cut
sub fake_grab {
my ($class, $wantclass) = @_;
return bless { class => $wantclass },
"App::CamelPKI::RestrictedClassMethod::FakeBrand";
}
( run in 1.396 second using v1.01-cache-2.11-cpan-49f99fa48dc )