Commit | Line | Data |
1763fe29 |
1 | NAME |
d5e430c2 |
2 | Catalyst::Plugin::RequireSSL - Force SSL mode on select pages |
1763fe29 |
3 | |
4 | SYNOPSIS |
d5e430c2 |
5 | use Catalyst 'RequireSSL'; |
1763fe29 |
6 | |
d5e430c2 |
7 | MyApp->config->{require_ssl} = { |
8 | https => 'secure.mydomain.com', |
9 | http => 'www.mydomain.com', |
10 | remain_in_ssl => 0, |
1763fe29 |
11 | }; |
12 | |
d5e430c2 |
13 | $c->require_ssl; |
1763fe29 |
14 | |
15 | DESCRIPTION |
d5e430c2 |
16 | Use this plugin if you wish to selectively force SSL mode on some of |
17 | your web pages, for example a user login form or shopping cart. |
1763fe29 |
18 | |
d5e430c2 |
19 | Simply place $c->require_ssl calls in any controller method you wish to |
20 | be secured. |
1763fe29 |
21 | |
d5e430c2 |
22 | This plugin will automatically disable itself if you are running under |
23 | the standalone HTTP::Daemon Catalyst server. A warning message will be |
24 | printed to the log file whenever an SSL redirect would have occurred. |
1763fe29 |
25 | |
d5e430c2 |
26 | WARNINGS |
27 | If you utilize different servers or hostnames for non-SSL and SSL |
28 | requests, and you rely on a session cookie to determine redirection (i.e |
29 | for a login page), your cookie must be visible to both servers. For more |
30 | information, see the documentation for the Session plugin you are using. |
1763fe29 |
31 | |
32 | CONFIGURATION |
33 | Configuration is optional. You may define the following configuration |
34 | values: |
35 | |
d5e430c2 |
36 | https => $ssl_host |
1763fe29 |
37 | |
d5e430c2 |
38 | If your SSL domain name is different from your non-SSL domain, set this |
39 | value. |
1763fe29 |
40 | |
d5e430c2 |
41 | http => $non_ssl_host |
1763fe29 |
42 | |
d5e430c2 |
43 | If you have set the https value above, you must also set the hostname of |
44 | your non-SSL server. |
1763fe29 |
45 | |
d5e430c2 |
46 | remain_in_ssl |
1763fe29 |
47 | |
d5e430c2 |
48 | If you'd like your users to remain in SSL mode after visiting an |
49 | SSL-required page, you can set this option to 1. By default, users will |
50 | be redirected back to non-SSL mode as soon as possible. |
1763fe29 |
51 | |
52 | METHODS |
d5e430c2 |
53 | require_ssl |
54 | Call require_ssl in any controller method you wish to be secured. |
1763fe29 |
55 | |
d5e430c2 |
56 | $c->require_ssl; |
1763fe29 |
57 | |
d5e430c2 |
58 | The browser will be redirected to the same path on your SSL server. |
59 | POST requests are never redirected. |
1763fe29 |
60 | |
61 | finalize (extended) |
d5e430c2 |
62 | Redirect back to non-SSL mode if necessary. |
1763fe29 |
63 | |
64 | setup |
65 | Setup default values. |
66 | |
d5e430c2 |
67 | _redirect_uri |
68 | Generate the redirection URI. |
1763fe29 |
69 | |
70 | KNOWN ISSUES |
d5e430c2 |
71 | When viewing an SSL-required page that uses static files served from the |
72 | Static plugin, the static files are redirected to the non-SSL path. It |
73 | may be possible to work around this by checking the referer protocol, |
74 | but currently there is no way to determine if a file being served is |
75 | static content. |
1763fe29 |
76 | |
d5e430c2 |
77 | For best results, always serve static files directly from your web |
78 | server without using the Static plugin. |
1763fe29 |
79 | |
80 | SEE ALSO |
d5e430c2 |
81 | Catalyst |
1763fe29 |
82 | |
83 | AUTHOR |
84 | Andy Grundman, "andy@hybridized.org" |
85 | |
86 | COPYRIGHT |
87 | This program is free software, you can redistribute it and/or modify it |
88 | under the same terms as Perl itself. |
89 | |