our $VERSION = '0.07';
-__PACKAGE__->mk_accessors( qw/_require_ssl _ssl_strip_output/ );
+__PACKAGE__->mk_accessors( qw/_require_ssl _allow_ssl _ssl_strip_output/ );
sub require_ssl {
my $c = shift;
}
}
+sub allow_ssl {
+ my $c = shift;
+
+ $c->_allow_ssl(1);
+}
+
sub finalize {
my $c = shift;
# we're already required to be in SSL for this request
last REDIRECT if $c->_require_ssl;
# or the user doesn't want us to redirect
- last REDIRECT if $c->config->{require_ssl}->{remain_in_ssl};
+ last REDIRECT if $c->config->{require_ssl}->{remain_in_ssl} || $c->_allow_ssl;
$c->res->redirect( $c->_redirect_uri('http') );
}
The browser will be redirected to the same path on your SSL server. POST
requests are never redirected.
+=head2 allow_ssl
+
+Call allow_ssl in any controller method you wish to access both in SSL and
+non-SSL mode.
+
+ $c->allow_ssl;
+
+The browser will not be redirected, independently of whether the request was
+made to the SSL or non-SSL server.
+
=head2 setup
Disables this plugin if running under an engine which does not support SSL.
use FindBin;\r
use lib "$FindBin::Bin/lib";\r
\r
-use Test::More tests => 15;\r
+use Test::More tests => 19;\r
use Catalyst::Test 'TestApp';\r
use HTTP::Request::Common;\r
\r
ok( $res = request('http://localhost/ssl/secured?a=2&a=1&b=3&c=4'), 'request ok' );\r
is( $res->header('location'), 'https://localhost/ssl/secured?a=1&a=2&b=3&c=4', 'redirect with params ok' );\r
\r
+# test that it does not redirect for actions where SSL mode is optional\r
+ok( my $res = request('http://localhost/ssl/maybe_secured'), 'request ok' );\r
+is( $res->code, 200, 'no redirect for optional SSL action' );\r
+\r
# test that it doesn't redirect on POST\r
my $request = POST( 'http://localhost/ssl/secured', \r
'Content' => '',\r
# test redirection params\r
ok( $res = request('https://localhost/ssl/unsecured?a=2&a=1&b=3&c=4'), 'request ok' );\r
is( $res->header('location'), 'http://localhost/ssl/unsecured?a=1&a=2&b=3&c=4', 'redirect with params ok' );\r
+\r
+ # test that it does not redirect for actions where SSL mode is optional\r
+ ok( $res = request('https://localhost/ssl/maybe_secured'), 'request ok' );\r
+ is( $res->code, 200, 'no redirect for optional SSL action' );\r
}\r
\r