NAME

Catalyst::Plugin::RequireSSL - Force SSL mode on select pages

SYNOPSIS

use Catalyst 'RequireSSL';

MyApp->config->{require_ssl} = {
    https => 'secure.mydomain.com',
    http => 'www.mydomain.com',
    remain_in_ssl => 0,
};

$c->require_ssl;

DESCRIPTION

Use this plugin if you wish to selectively force SSL mode on some of your web pages, for example a user login form or shopping cart.

Simply place $c->require_ssl calls in any controller method you wish to be secured.

This plugin will automatically disable itself if you are running under the standalone HTTP::Daemon Catalyst server. A warning message will be printed to the log file whenever an SSL redirect would have occurred.

WARNINGS

If you utilize different servers or hostnames for non-SSL and SSL requests, and you rely on a session cookie to determine redirection (i.e for a login page), your cookie must be visible to both servers. For more information, see the documentation for the Session plugin you are using.

CONFIGURATION

Configuration is optional. You may define the following configuration values:

https => $ssl_host

If your SSL domain name is different from your non-SSL domain, set this value.

http => $non_ssl_host

If you have set the https value above, you must also set the hostname of your non-SSL server.

remain_in_ssl

If you'd like your users to remain in SSL mode after visiting an SSL-required page, you can set this option to 1. By default, users will be redirected back to non-SSL mode as soon as possible.

METHODS

require_ssl

Call require_ssl in any controller method you wish to be secured.

$c->require_ssl;

The browser will be redirected to the same path on your SSL server. POST requests are never redirected.

finalize (extended)

Redirect back to non-SSL mode if necessary.

setup

Setup default values.

_redirect_uri

Generate the redirection URI.

KNOWN ISSUES

When viewing an SSL-required page that uses static files served from the Static plugin, the static files are redirected to the non-SSL path. It may be possible to work around this by checking the referer protocol, but currently there is no way to determine if a file being served is static content.

For best results, always serve static files directly from your web server without using the Static plugin.

AUTHOR

Andy Grundman, andy@hybridized.org

COPYRIGHT

This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.

To install Catalyst::Plugin::RequireSSL, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Catalyst::Plugin::RequireSSL

CPAN shell

perl -MCPAN -e shell
install Catalyst::Plugin::RequireSSL

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)