[catagits/Catalyst-Plugin-RequireSSL.git] / README

NAME
    Catalyst::Plugin::RequireSSL - Force SSL mode on select pages

SYNOPSIS
        use Catalyst 'RequireSSL';
    
        MyApp->config->{require_ssl} = {
            https => 'secure.mydomain.com',
            http => 'www.mydomain.com',
            remain_in_ssl => 0,
        };

        $c->require_ssl;

DESCRIPTION
    Use this plugin if you wish to selectively force SSL mode on some of
    your web pages, for example a user login form or shopping cart.

    Simply place $c->require_ssl calls in any controller method you wish to
    be secured.

    This plugin will automatically disable itself if you are running under
    the standalone HTTP::Daemon Catalyst server. A warning message will be
    printed to the log file whenever an SSL redirect would have occurred.

WARNINGS
    If you utilize different servers or hostnames for non-SSL and SSL
    requests, and you rely on a session cookie to determine redirection (i.e
    for a login page), your cookie must be visible to both servers. For more
    information, see the documentation for the Session plugin you are using.

CONFIGURATION
    Configuration is optional. You may define the following configuration
    values:

        https => $ssl_host
    
    If your SSL domain name is different from your non-SSL domain, set this
    value.

        http => $non_ssl_host
    
    If you have set the https value above, you must also set the hostname of
    your non-SSL server.

        remain_in_ssl
    
    If you'd like your users to remain in SSL mode after visiting an
    SSL-required page, you can set this option to 1. By default, users will
    be redirected back to non-SSL mode as soon as possible.

  METHODS
    require_ssl
        Call require_ssl in any controller method you wish to be secured.

            $c->require_ssl;

        The browser will be redirected to the same path on your SSL server.
        POST requests are never redirected.

    finalize (extended)
        Redirect back to non-SSL mode if necessary.

    setup
        Setup default values.

    _redirect_uri
        Generate the redirection URI.

KNOWN ISSUES
    When viewing an SSL-required page that uses static files served from the
    Static plugin, the static files are redirected to the non-SSL path. It
    may be possible to work around this by checking the referer protocol,
    but currently there is no way to determine if a file being served is
    static content.

    For best results, always serve static files directly from your web
    server without using the Static plugin.

SEE ALSO
    Catalyst

AUTHOR
    Andy Grundman, "andy@hybridized.org"

COPYRIGHT
    This program is free software, you can redistribute it and/or modify it
    under the same terms as Perl itself.
Commit	Line	Data
1763fe29	1	NAME
d5e430c2	2	Catalyst::Plugin::RequireSSL - Force SSL mode on select pages
1763fe29	3
1763fe29	4	SYNOPSIS
d5e430c2	5	use Catalyst 'RequireSSL';
1763fe29	6
d5e430c2	7	MyApp->config->{require_ssl} = {
	8	https => 'secure.mydomain.com',
	9	http => 'www.mydomain.com',
	10	remain_in_ssl => 0,
1763fe29	11	};
1763fe29	12
d5e430c2	13	$c->require_ssl;
1763fe29	14
1763fe29	15	DESCRIPTION
d5e430c2	16	Use this plugin if you wish to selectively force SSL mode on some of
d5e430c2	17	your web pages, for example a user login form or shopping cart.
1763fe29	18
d5e430c2	19	Simply place $c->require_ssl calls in any controller method you wish to
d5e430c2	20	be secured.
1763fe29	21
d5e430c2	22	This plugin will automatically disable itself if you are running under
	23	the standalone HTTP::Daemon Catalyst server. A warning message will be
	24	printed to the log file whenever an SSL redirect would have occurred.
1763fe29	25
d5e430c2	26	WARNINGS
	27	If you utilize different servers or hostnames for non-SSL and SSL
	28	requests, and you rely on a session cookie to determine redirection (i.e
	29	for a login page), your cookie must be visible to both servers. For more
	30	information, see the documentation for the Session plugin you are using.
1763fe29	31
	32	CONFIGURATION
	33	Configuration is optional. You may define the following configuration
	34	values:
	35
d5e430c2	36	https => $ssl_host
1763fe29	37
d5e430c2	38	If your SSL domain name is different from your non-SSL domain, set this
d5e430c2	39	value.
1763fe29	40
d5e430c2	41	http => $non_ssl_host
1763fe29	42
d5e430c2	43	If you have set the https value above, you must also set the hostname of
d5e430c2	44	your non-SSL server.
1763fe29	45
d5e430c2	46	remain_in_ssl
1763fe29	47
d5e430c2	48	If you'd like your users to remain in SSL mode after visiting an
	49	SSL-required page, you can set this option to 1. By default, users will
	50	be redirected back to non-SSL mode as soon as possible.
1763fe29	51
1763fe29	52	METHODS
d5e430c2	53	require_ssl
d5e430c2	54	Call require_ssl in any controller method you wish to be secured.
1763fe29	55
d5e430c2	56	$c->require_ssl;
1763fe29	57
d5e430c2	58	The browser will be redirected to the same path on your SSL server.
d5e430c2	59	POST requests are never redirected.
1763fe29	60
1763fe29	61	finalize (extended)
d5e430c2	62	Redirect back to non-SSL mode if necessary.
1763fe29	63
	64	setup
	65	Setup default values.
	66
d5e430c2	67	_redirect_uri
d5e430c2	68	Generate the redirection URI.
1763fe29	69
1763fe29	70	KNOWN ISSUES
d5e430c2	71	When viewing an SSL-required page that uses static files served from the
	72	Static plugin, the static files are redirected to the non-SSL path. It
	73	may be possible to work around this by checking the referer protocol,
	74	but currently there is no way to determine if a file being served is
	75	static content.
1763fe29	76
d5e430c2	77	For best results, always serve static files directly from your web
d5e430c2	78	server without using the Static plugin.
1763fe29	79
1763fe29	80	SEE ALSO
d5e430c2	81	Catalyst
1763fe29	82
	83	AUTHOR
	84	Andy Grundman, "andy@hybridized.org"
	85
	86	COPYRIGHT
	87	This program is free software, you can redistribute it and/or modify it
	88	under the same terms as Perl itself.
	89