Commit | Line | Data |
1763fe29 |
1 | NAME |
d5e430c2 |
2 | Catalyst::Plugin::RequireSSL - Force SSL mode on select pages |
1763fe29 |
3 | |
4 | SYNOPSIS |
eeefd598 |
5 | # in MyApp.pm |
6 | use Catalyst; |
7 | MyApp->setup( qw/RequireSSL/ ); |
1763fe29 |
8 | |
d5e430c2 |
9 | MyApp->config->{require_ssl} = { |
10 | https => 'secure.mydomain.com', |
11 | http => 'www.mydomain.com', |
12 | remain_in_ssl => 0, |
1763fe29 |
13 | }; |
14 | |
eeefd598 |
15 | # in any controller methods that should be secured |
d5e430c2 |
16 | $c->require_ssl; |
1763fe29 |
17 | |
18 | DESCRIPTION |
d5e430c2 |
19 | Use this plugin if you wish to selectively force SSL mode on some of |
20 | your web pages, for example a user login form or shopping cart. |
1763fe29 |
21 | |
d5e430c2 |
22 | Simply place $c->require_ssl calls in any controller method you wish to |
23 | be secured. |
1763fe29 |
24 | |
d5e430c2 |
25 | This plugin will automatically disable itself if you are running under |
26 | the standalone HTTP::Daemon Catalyst server. A warning message will be |
27 | printed to the log file whenever an SSL redirect would have occurred. |
1763fe29 |
28 | |
d5e430c2 |
29 | WARNINGS |
30 | If you utilize different servers or hostnames for non-SSL and SSL |
31 | requests, and you rely on a session cookie to determine redirection (i.e |
32 | for a login page), your cookie must be visible to both servers. For more |
33 | information, see the documentation for the Session plugin you are using. |
1763fe29 |
34 | |
35 | CONFIGURATION |
36 | Configuration is optional. You may define the following configuration |
37 | values: |
38 | |
d5e430c2 |
39 | https => $ssl_host |
1763fe29 |
40 | |
d5e430c2 |
41 | If your SSL domain name is different from your non-SSL domain, set this |
42 | value. |
1763fe29 |
43 | |
d5e430c2 |
44 | http => $non_ssl_host |
1763fe29 |
45 | |
d5e430c2 |
46 | If you have set the https value above, you must also set the hostname of |
47 | your non-SSL server. |
1763fe29 |
48 | |
d5e430c2 |
49 | remain_in_ssl |
1763fe29 |
50 | |
d5e430c2 |
51 | If you'd like your users to remain in SSL mode after visiting an |
eeefd598 |
52 | SSL-required page, you can set this option to 1. By default, this option |
53 | is disabled and users will be redirected back to non-SSL mode as soon as |
54 | possible. |
1763fe29 |
55 | |
eeefd598 |
56 | METHODS |
57 | require_ssl |
58 | Call require_ssl in any controller method you wish to be secured. |
1763fe29 |
59 | |
eeefd598 |
60 | $c->require_ssl; |
1763fe29 |
61 | |
eeefd598 |
62 | The browser will be redirected to the same path on your SSL server. POST |
63 | requests are never redirected. |
1763fe29 |
64 | |
65 | KNOWN ISSUES |
d5e430c2 |
66 | When viewing an SSL-required page that uses static files served from the |
eeefd598 |
67 | Static plugin, the static files are redirected to the non-SSL path. |
1763fe29 |
68 | |
eeefd598 |
69 | In order to get the correct behaviour where static files are not |
70 | redirected, you should use the Static::Simple plugin or always serve |
71 | static files directly from your web server. |
1763fe29 |
72 | |
73 | SEE ALSO |
eeefd598 |
74 | Catalyst, Catalyst::Plugin::Static::Simple |
1763fe29 |
75 | |
76 | AUTHOR |
eeefd598 |
77 | Andy Grundman, <andy@hybridized.org> |
1763fe29 |
78 | |
79 | COPYRIGHT |
80 | This program is free software, you can redistribute it and/or modify it |
81 | under the same terms as Perl itself. |
82 | |