Clarify limitations of $request->base and $request->secure.

Courtesy of Phil Mitchell <phil@2people.org>.

diff --git a/lib/Catalyst/Request.pm b/lib/Catalyst/Request.pm
index 4f9d7dc..81bda0f 100644 (file)
--- a/lib/Catalyst/Request.pm
+++ b/lib/Catalyst/Request.pm
@@ -223,7 +223,10 @@ Shortcut for arguments.
 
 =head2 $req->base
 
-Contains the URI base. This will always have a trailing slash.
+Contains the URI base. This will always have a trailing slash. Note that the
+URI scheme (eg., http vs. https) must be determined through heuristics;
+depending on your server configuration, it may be incorrect. See $req->secure
+for more info.
 
 If your application was queried with the URI
 C<http://localhost:3000/some/path> then C<base> is C<http://localhost:3000/>.
@@ -459,7 +462,12 @@ Shortcut for $req->headers->referer. Returns the referring page.
 
 =head2 $req->secure
 
-Returns true or false, indicating whether the connection is secure (https).
+Returns true or false, indicating whether the connection is secure
+(https). Note that the URI scheme (eg., http vs. https) must be determined
+through heuristics, and therefore the reliablity of $req->secure will depend
+on your server configuration. If you are serving secure pages on the standard
+SSL port (443) and/or setting the HTTPS environment variable, $req->secure
+should be valid.
 
 =head2 $req->captures