2 Catalyst::Plugin::RequireSSL - Force SSL mode on select pages
7 MyApp->setup( qw/RequireSSL/ );
9 MyApp->config->{require_ssl} = {
10 https => 'secure.mydomain.com',
11 http => 'www.mydomain.com',
14 detach_on_redirect => 1,
17 # in any controller methods that should be secured
21 Note: This module is considered to be deprecated for most purposes.
22 Consider using Catalyst::ActionRole::RequireSSL instead.
24 Use this plugin if you wish to selectively force SSL mode on some of
25 your web pages, for example a user login form or shopping cart.
27 Simply place $c->require_ssl calls in any controller method you wish to
30 This plugin will automatically disable itself if you are running under
31 the standalone HTTP::Daemon Catalyst server. A warning message will be
32 printed to the log file whenever an SSL redirect would have occurred.
35 If you utilize different servers or hostnames for non-SSL and SSL
36 requests, and you rely on a session cookie to determine redirection (i.e
37 for a login page), your cookie must be visible to both servers. For more
38 information, see the documentation for the Session plugin you are using.
41 Configuration is optional. You may define the following configuration
46 If your SSL domain name is different from your non-SSL domain, set this
51 If you have set the https value above, you must also set the hostname of
56 If you'd like your users to remain in SSL mode after visiting an
57 SSL-required page, you can set this option to 1. By default, this option
58 is disabled and users will be redirected back to non-SSL mode as soon as
63 If you have a wildcard certificate you will need to set this option if
64 you are using multiple domains on one instance of Catalyst.
68 By default "$c->require_ssl" only calls "$c->response->redirect" but
69 does not stop request processing (so it returns and subsequent
70 statements are run). This is probably not what you want. If you set this
71 option to a true value "$c->require_ssl" will call "$c->detach" when it
76 Call require_ssl in any controller method you wish to be secured.
80 The browser will be redirected to the same path on your SSL server. POST
81 requests are never redirected.
84 Call allow_ssl in any controller method you wish to access both in SSL
89 The browser will not be redirected, independently of whether the request
90 was made to the SSL or non-SSL server.
93 Disables this plugin if running under an engine which does not support
97 Performs the redirect to SSL url if required.
100 When viewing an SSL-required page that uses static files served from the
101 Static plugin, the static files are redirected to the non-SSL path.
103 In order to get the correct behaviour where static files are not
104 redirected, you should use the Static::Simple plugin or always serve
105 static files directly from your web server.
108 Catalyst, Catalyst::ActionRole::RequireSSL,
109 Catalyst::Plugin::Static::Simple
112 Andy Grundman, <andy@hybridized.org>
115 Simon Elliott <simon@browsing.co.uk> (support for wildcards)
118 This program is free software, you can redistribute it and/or modify it
119 under the same terms as Perl itself.