[catagits/Catalyst-Plugin-RequireSSL.git] / README

NAME
    Catalyst::Plugin::RequireSSL - Force SSL mode on select pages

SYNOPSIS
        # in MyApp.pm
        use Catalyst;
        MyApp->setup( qw/RequireSSL/ );
    
        MyApp->config->{require_ssl} = {
            https => 'secure.mydomain.com',
            http => 'www.mydomain.com',
            remain_in_ssl => 0,
        };

        # in any controller methods that should be secured
        $c->require_ssl;

DESCRIPTION
    Use this plugin if you wish to selectively force SSL mode on some of
    your web pages, for example a user login form or shopping cart.

    Simply place $c->require_ssl calls in any controller method you wish to
    be secured.

    This plugin will automatically disable itself if you are running under
    the standalone HTTP::Daemon Catalyst server. A warning message will be
    printed to the log file whenever an SSL redirect would have occurred.

WARNINGS
    If you utilize different servers or hostnames for non-SSL and SSL
    requests, and you rely on a session cookie to determine redirection (i.e
    for a login page), your cookie must be visible to both servers. For more
    information, see the documentation for the Session plugin you are using.

CONFIGURATION
    Configuration is optional. You may define the following configuration
    values:

        https => $ssl_host
    
    If your SSL domain name is different from your non-SSL domain, set this
    value.

        http => $non_ssl_host
    
    If you have set the https value above, you must also set the hostname of
    your non-SSL server.

        remain_in_ssl
    
    If you'd like your users to remain in SSL mode after visiting an
    SSL-required page, you can set this option to 1. By default, this option
    is disabled and users will be redirected back to non-SSL mode as soon as
    possible.

METHODS
  require_ssl
    Call require_ssl in any controller method you wish to be secured.

        $c->require_ssl;

    The browser will be redirected to the same path on your SSL server. POST
    requests are never redirected.

KNOWN ISSUES
    When viewing an SSL-required page that uses static files served from the
    Static plugin, the static files are redirected to the non-SSL path.

    In order to get the correct behaviour where static files are not
    redirected, you should use the Static::Simple plugin or always serve
    static files directly from your web server.

SEE ALSO
    Catalyst, Catalyst::Plugin::Static::Simple

AUTHOR
    Andy Grundman, <andy@hybridized.org>

COPYRIGHT
    This program is free software, you can redistribute it and/or modify it
    under the same terms as Perl itself.
Commit	Line	Data
1763fe29	1	NAME
d5e430c2	2	Catalyst::Plugin::RequireSSL - Force SSL mode on select pages
1763fe29	3
1763fe29	4	SYNOPSIS
eeefd598	5	# in MyApp.pm
	6	use Catalyst;
	7	MyApp->setup( qw/RequireSSL/ );
1763fe29	8
d5e430c2	9	MyApp->config->{require_ssl} = {
	10	https => 'secure.mydomain.com',
	11	http => 'www.mydomain.com',
	12	remain_in_ssl => 0,
1763fe29	13	};
1763fe29	14
eeefd598	15	# in any controller methods that should be secured
d5e430c2	16	$c->require_ssl;
1763fe29	17
1763fe29	18	DESCRIPTION
d5e430c2	19	Use this plugin if you wish to selectively force SSL mode on some of
d5e430c2	20	your web pages, for example a user login form or shopping cart.
1763fe29	21
d5e430c2	22	Simply place $c->require_ssl calls in any controller method you wish to
d5e430c2	23	be secured.
1763fe29	24
d5e430c2	25	This plugin will automatically disable itself if you are running under
	26	the standalone HTTP::Daemon Catalyst server. A warning message will be
	27	printed to the log file whenever an SSL redirect would have occurred.
1763fe29	28
d5e430c2	29	WARNINGS
	30	If you utilize different servers or hostnames for non-SSL and SSL
	31	requests, and you rely on a session cookie to determine redirection (i.e
	32	for a login page), your cookie must be visible to both servers. For more
	33	information, see the documentation for the Session plugin you are using.
1763fe29	34
	35	CONFIGURATION
	36	Configuration is optional. You may define the following configuration
	37	values:
	38
d5e430c2	39	https => $ssl_host
1763fe29	40
d5e430c2	41	If your SSL domain name is different from your non-SSL domain, set this
d5e430c2	42	value.
1763fe29	43
d5e430c2	44	http => $non_ssl_host
1763fe29	45
d5e430c2	46	If you have set the https value above, you must also set the hostname of
d5e430c2	47	your non-SSL server.
1763fe29	48
d5e430c2	49	remain_in_ssl
1763fe29	50
d5e430c2	51	If you'd like your users to remain in SSL mode after visiting an
eeefd598	52	SSL-required page, you can set this option to 1. By default, this option
	53	is disabled and users will be redirected back to non-SSL mode as soon as
	54	possible.
1763fe29	55
eeefd598	56	METHODS
	57	require_ssl
	58	Call require_ssl in any controller method you wish to be secured.
1763fe29	59
eeefd598	60	$c->require_ssl;
1763fe29	61
eeefd598	62	The browser will be redirected to the same path on your SSL server. POST
eeefd598	63	requests are never redirected.
1763fe29	64
1763fe29	65	KNOWN ISSUES
d5e430c2	66	When viewing an SSL-required page that uses static files served from the
eeefd598	67	Static plugin, the static files are redirected to the non-SSL path.
1763fe29	68
eeefd598	69	In order to get the correct behaviour where static files are not
	70	redirected, you should use the Static::Simple plugin or always serve
	71	static files directly from your web server.
1763fe29	72
1763fe29	73	SEE ALSO
eeefd598	74	Catalyst, Catalyst::Plugin::Static::Simple
1763fe29	75
1763fe29	76	AUTHOR
eeefd598	77	Andy Grundman, <andy@hybridized.org>
1763fe29	78
	79	COPYRIGHT
	80	This program is free software, you can redistribute it and/or modify it
	81	under the same terms as Perl itself.
	82